2 matches found
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the stylesheet input in the backend branding and appearance configuration. An attacker can execute arbitrary scripts in the context of backend users by injecting malicious HTML or JavaScript. This is only...
GHSA-WVPQ-H33F-8RP6 October CMS Vulnerable to Stored XSS via Branding Styles
A cross-site scripting XSS vulnerabilities was identified in October CMS backend configuration forms: - Branding and Appearances Styles A user with the Customize Backend Styles permission could inject malicious HTML/JS into the stylesheet input at Settings → Branding & Appearance → Styles. A...