### [CVE-2024-45962](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45962)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=3.6.30%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target.

### POC

#### Reference
- https://grimthereaperteam.medium.com/october-cms-3-6-30-stored-xss-ddf2be7a226e

#### Github
No PoCs found on GitHub currently.