4 matches found
CVE-2025-61676
October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerabilities was identified in October CMS backend configuration forms. A user with the Customize Backend Styles permission could inject malicious HTML/JS into the...
CVE-2025-61676
October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerabilities was identified in October CMS backend configuration forms. A user with the Customize Backend Styles permission could inject malicious HTML/JS into the...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the stylesheet input in the backend branding and appearance configuration. An attacker can execute arbitrary scripts in the context of backend users by injecting malicious HTML or JavaScript. This is only...
Cross-site Scripting (XSS)
Overview october/system is a System module for October CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the stylesheet input in the backend branding and appearance configuration. An attacker can execute arbitrary scripts in the context of backend users by...