CVE-2017-1000193
October CMS 412 is reported to be vulnerable to a stored XSS (WCI) via the brand logo image name, allowing injected JavaScript to execute in the victim’s browser. The root cause, as described in the connected materials, is a stored XSS flaw in the brand logo handling. The documents do not specify...