17 matches found
CVE-2026-27937
October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, a reflected Cross-Site Scripting (XSS) vulnerability was identified in the backend DataTable widget where a query parameter was rendered without proper output escaping. This vulnerability is fixed in 3.7.16 and...
CVE-2026-26067 October: Safe Mode Bypass via CSS Preprocessor Compilers
October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. Backend users with Editor permissions could craft .less, .sass, or .scss files that leverage the...
October Security Vulnerability
October is an open-source content management system (CMS) and network platform developed by October. Versions prior to October 3.7.14 and 4.1.10 contained security vulnerabilities. These vulnerabilities were due to issues with Twig’s sandbox security policies, which could allow backend users with...
CVE-2026-24906
October CMS versions 3.7.0–3.7.13 and 4.1.0–4.1.9 are affected by a Stored XSS in Backend Editor Settings. The vulnerability stems from unsanitized input in the Markup Classes field used for paragraph, inline, and table styles, which could render JavaScript in Froala editor dropdowns when a user ...
October Information Disclosure Vulnerability
October is an open-source content management system (CMS) and online platform developed by October. Versions prior to October 3.7.14 and 4.1.10 contained a vulnerability related to information leakage. This vulnerability stemmed from the INI configuration parser’s server-side information leakage,...
EUVD-2026-1689
October is a Content Management System (CMS) and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting (XSS) vulnerability was identified in October CMS backend configuration forms. A user with the Customize Backend Styles permission could inject malicious HTML/JS into the...
October CMS Cross-Site Scripting Vulnerability
October CMS is an open source content management system (CMS) from October CMS based on PHP and the Laravel web application framework. A cross-site scripting vulnerability exists in October CMS versions prior to 3.7.13 and prior to 4.0.12, which stems from insufficient cleanup and escaping in...
PT-2026-1832
Name of the Vulnerable Software and Affected Versions: October versions prior to 3.7.13; October versions prior to 4.0.12. Description: October is a Content Management System (CMS) and web platform. A cross-site scripting (XSS) issue exists in October CMS backend configuration forms. A user possessing th...
October Code Issue Vulnerability
October is a content management system (CMS) and web platform from October Open Source. A code issue vulnerability exists in versions prior to October 3.7.5 that stems from not properly cleaning SVG files, which could lead to bypassing protection...
October Code Injection Vulnerability
October is an open source Content Management System (CMS) and web platform from October. October is vulnerable to a code injection vulnerability that originates when "editor.cmspages", "editor.cmslayouts" or "editor.cmsparticles" is enabled with "cms.safemode". "editor.cmspages", "editor.cmslayouts"...
October CMS Code Injection Vulnerability
October CMS is an open source content management system (CMS) based on PHP and Laravel web application framework. A file upload vulnerability exists in October CMS, which stems from the "Create, Modify, and Delete Site Pages" privilege of the management system, and can be exploited by an attacker t...
October CMS Authorization Issue Vulnerability
October CMS is an open source content management system (CMS) based on PHP and the Laravel web application framework. October CMS suffers from an authorization issue vulnerability where a previously deleted administrator account may still be able to log into the backend using October CMS v2.0...
PT-2021-4044
Name of the Vulnerable Software and Affected Versions: October CMS versions prior to Build 472 and v1.1.5 Description: The issue is related to an improper authentication mechanism in the October CMS platform, which is based on the Laravel PHP Framework. An attacker can exploit this by requesting ...
October CMS Information Disclosure Vulnerability
October CMS is an open source content management system (CMS) based on PHP and Laravel web application framework. An information disclosure vulnerability exists in versions of October CMS prior to 1.0.468 that stems from the program not binding an encrypted cookie value to the cookie name of that...
October CMS Cross-Site Scripting Vulnerability (CNVD-2020-43155)
October CMS is an open source content management system (CMS) based on PHP and Laravel web application framework. A cross-site scripting vulnerability exists in October CMS versions prior to 1.0.319 and prior to 1.0.466. The vulnerability stems from a lack of proper validation of client-side data b...
October CMS Cross-Site Scripting Vulnerability (CNVD-2020-38888)
October CMS is an open source content management system (CMS) based on PHP and Laravel web application framework. A cross-site scripting vulnerability exists in October CMS composer versions 1.0.319 and later, fixed in version 1.0.466. The vulnerability stems from a lack of proper validation of...
October CMS build cross-site scripting vulnerability
October CMS is an open source, self-hosted content management system (CMS) built on the Laravel PHP framework developed by Canadian software developer Alexey Bobkov and Australian software developer Samuel Georges. A cross-site scripting vulnerability in October CMS build 271 and earlier allows...