10 matches found
October CMS Has Stored XSS In Backend Editor Markup Classes
A stored cross-site scripting XSS vulnerability was identified in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to valid CSS class name characters. Malicious values were rendered unsanitized in Froala...
CVE-2026-24906
October is a Content Management System CMS and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting XSS vulnerability in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to...
GHSA-6QMH-J78V-FFP7 October CMS has Stored XSS in Backend Editor Markup Classes
A stored cross-site scripting XSS vulnerability was identified in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to valid CSS class name characters. Malicious values were rendered unsanitized in Froala...
EUVD-2026-22659
October CMS has Stored XSS in Backend Editor Markup Classes...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the processing of the Markup Classes fields within the backend editor settings. An attacker can execute arbitrary JavaScript code in the context of users who open a RichEditor by injecting malicious values th...
October CMS has Stored XSS in Backend Editor Markup Classes
A stored cross-site scripting XSS vulnerability was identified in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to valid CSS class name characters. Malicious values were rendered unsanitized in Froala...
CVE-2026-24906
October CMS versions 3.7.0–3.7.13 and 4.1.0–4.1.9 are affected by a Stored XSS in Backend Editor Settings. The vulnerability stems from unsanitized input in the Markup Classes field used for paragraph, inline, and table styles, which could render JavaScript in Froala editor dropdowns when a user ...
CVE-2026-24906 October CMS has Stored XSS in its Backend Editor Markup Classes
October is a Content Management System CMS and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting XSS vulnerability in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to...
CVE-2026-24906 October CMS has Stored XSS in its Backend Editor Markup Classes
October is a Content Management System CMS and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting XSS vulnerability in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to...
PT-2026-32726
A stored cross-site scripting XSS vulnerability was identified in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to valid CSS class name characters. Malicious values were rendered unsanitized in Froala...