66 matches found
CVE-2026-24906
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting (XSS) vulnerability in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to...
October CMS has Stored XSS in Backend Editor Markup Classes
A stored cross-site scripting (XSS) vulnerability was identified in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to valid CSS class name characters. Malicious values were rendered unsanitized in Froala...
CVE-2026-24906 October CMS has Stored XSS in its Backend Editor Markup Classes
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting (XSS) vulnerability in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to...
PT-2026-32726
A stored cross-site scripting (XSS) vulnerability was identified in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to valid CSS class name characters. Malicious values were rendered unsanitized in Froala...
CVE-2023-43263
A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component...
EUVD-2021-2190
Malware in sbrugna...
EUVD-2023-47682
Malicious code in bioql PyPI...
EUVD-2022-1026
Malicious code in bioql PyPI...
EUVD-2022-5026
Malicious code in bioql PyPI...
EUVD-2023-2529
Malicious code in bioql PyPI...
CVE-2023-42426
Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component...
CVE-2023-41592
Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability...
CVE-2021-30109
Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module...
CVE-2020-26523
Froala Editor before 3.2.2 allows XSS via pasted content...
CVE-2019-19935
Froala Editor before 3.2.3 allows XSS...
@averystupidtest/reditor (=3.0.10), @beisen-oneops/amis-ui (>=1.0.0 <=1.0.6) +168 more potentially affected by CVE-2024-51434 via froala-editor (>=2.3.5 <=4.3.0)
froala-editor NPM version =2.3.5, =1.0.0, =1.0.2, =1.0.0, =5.11.0, =1.0.1, =1.0.0, =1.0.0, =6.10.0, =0.1.0, =6.12.0-beat1, =6.12.24 and more Source cves: CVE-2024-51434 Source advisory: OSV:GHSA-549P-5C7F-C5P4...
Simple College Website 1.0 SQL Injection / Code Execution
Title: Simple College Website 1.0 WYSIWYG Settings Management Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser : Mozilla...
School Log Management System 1.0 SQL Injection / Code Execution
Title: School Log Management System 1.0 WYSIWYG Settings Management Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser :...