7 matches found
EUVD-2026-1734
October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerability was identified in October CMS backend configuration forms. A user with the Global Editor Settings permission could inject malicious HTML/JS into the styleshee...
EUVD-2026-1689
October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerabilities was identified in October CMS backend configuration forms. A user with the Customize Backend Styles permission could inject malicious HTML/JS into the...
CVE-2025-61676
CVE-2025-61676 affects October CMS prior to 3.7.13 and 4.0.12, where a stored XSS in the backend configuration form (Branding & Appearance → Styles) could be injected by users with Customize Backend Styles permission. A crafted input in the stylesheet field could break out of the context, enabli...
CVE-2025-61676 October CMS Vulnerable to Stored XSS via Branding Styles
October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerabilities was identified in October CMS backend configuration forms. A user with the Customize Backend Styles permission could inject malicious HTML/JS into the...
CVE-2025-61676 October CMS Vulnerable to Stored XSS via Branding Styles
October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerabilities was identified in October CMS backend configuration forms. A user with the Customize Backend Styles permission could inject malicious HTML/JS into the...
CVE-2025-61676 October CMS Vulnerable to Stored XSS via Branding Styles
October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerabilities was identified in October CMS backend configuration forms. A user with the Customize Backend Styles permission could inject malicious HTML/JS into the...
October CMS Vulnerable to Stored XSS via Branding Styles
A cross-site scripting XSS vulnerabilities was identified in October CMS backend configuration forms: - Branding and Appearances Styles A user with the Customize Backend Styles permission could inject malicious HTML/JS into the stylesheet input at Settings → Branding & Appearance → Styles. A...