10 matches found
CVE-2025-61674
October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerability was identified in October CMS backend configuration forms. A user with the Global Editor Settings permission could inject malicious HTML/JS into the styleshee...
CVE-2025-61674
October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerability was identified in October CMS backend configuration forms. A user with the Global Editor Settings permission could inject malicious HTML/JS into the styleshee...
CVE-2025-61674 October CMS Vulnerable to Stored XSS via Editor and Branding Styles
October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerability was identified in October CMS backend configuration forms. A user with the Global Editor Settings permission could inject malicious HTML/JS into the styleshee...
CVE-2025-61674 October CMS Vulnerable to Stored XSS via Editor and Branding Styles
October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerability was identified in October CMS backend configuration forms. A user with the Global Editor Settings permission could inject malicious HTML/JS into the styleshee...
CVE-2025-61674 October CMS Vulnerable to Stored XSS via Editor and Branding Styles
October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerability was identified in October CMS backend configuration forms. A user with the Global Editor Settings permission could inject malicious HTML/JS into the styleshee...
CVE-2025-61674
CVE-2025-61674 concerns October CMS. An XSS vulnerability exists in backend configuration forms where a user with Global Editor Settings can inject HTML/JS into the Markup Styles stylesheet input. A crafted input can escape the context, enabling arbitrary script execution on backend pages for al...
PT-2026-1832
Name of the Vulnerable Software and Affected Versions October versions prior to 3.7.13 October versions prior to 4.0.12 Description October is a Content Management System CMS and web platform. A cross-site scripting XSS issue exists in October CMS backend configuration forms. A user possessing th...
GHSA-GXXC-M74C-F48X October CMS Vulnerable to Stored XSS via Editor and Branding Styles
A cross-site scripting XSS vulnerabilities was identified in October CMS backend configuration forms: - Editor Settings Markup Styles A user with the Global Editor Settings permission could inject malicious HTML/JS into the stylesheet input at Settings → Editor Settings → Markup Styles. A special...
October CMS Vulnerable to Stored XSS via Editor and Branding Styles
A cross-site scripting XSS vulnerabilities was identified in October CMS backend configuration forms: - Editor Settings Markup Styles A user with the Global Editor Settings permission could inject malicious HTML/JS into the stylesheet input at Settings → Editor Settings → Markup Styles. A special...
The vulnerability of the PHP library for generating PDF documents from HTML markup and CSS styles, Dompdf, arises due to a possible interpretation conflict. This vulnerability allows an attacker to execute arbitrary code.
The vulnerability of the PHP library for generating PDF documents from HTML markup and CSS styles, Dompdf, is related to the occurrence of interpretation conflicts. Exploiting this vulnerability could allow an attacker operating remotely to execute arbitrary code...