10 matches found
CVE-2025-32185 WordPress Colibri Page Builder plugin <= 1.0.329 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Colibri Page Builder colibri-page-builder allows Stored XSS. This issue affects Colibri Page Builder: from n/a through <= 1.0.329...
Double free
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, backend users with access to upload files were permitted to upload SVG files without any sanitization applied to the uploaded files. Since S...
October CMS Cross-Site Scripting Vulnerability
October CMS is an open source content management system (CMS) based on PHP and the Laravel web application framework. A security vulnerability exists in October CMS versions 1.0.319 and 1.0.469 that allows a back-end user with upload file privileges to upload SVG files without any processing of the...
October CMS Security Breach
October CMS is an open source content management system (CMS) based on PHP and the Laravel web application framework. A security vulnerability exists in October 1.0.319 and versions prior to 1.0.470, which stems from an enabled enableSafeMode that allows specific Twig code to be written to escape t...
October CMS Cross-Site Scripting Vulnerability (CNVD-2020-43155)
October CMS is an open source content management system (CMS) based on PHP and the Laravel web application framework. A cross-site scripting vulnerability exists in October CMS versions prior to 1.0.319 and prior to 1.0.466. The vulnerability stems from a lack of proper validation of client-side data b...
CVE-2020-11083
In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users...
Cross site scripting
In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users...
CVE-2020-4061
In October from version 1.0.319 and before version 1.0.467, pasting content copied from malicious websites into the Froala richeditor could result in a successful self-XSS attack. This has been fixed in 1.0.467...
October CMS Arbitrary File Read Vulnerability (CNVD-2020-38885)
October CMS is an open source content management system (CMS) based on PHP and the Laravel web application framework. A security vulnerability exists in October CMS composer versions 1.0.319 and later fixed in version 1.0.466. An attacker could exploit the vulnerability to read local files on the Octob...
October CMS Directory Traversal Vulnerability
October CMS is an open source content management system (CMS) based on PHP and the Laravel web application framework. A security vulnerability exists in October CMS composer versions 1.0.319 and later fixed in version 1.0.466. An attacker can exploit the vulnerability to upload files to any directory o...