9 matches found
CVE-2025-61674
October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerability was identified in October CMS backend configuration forms. A user with the Global Editor Settings permission could inject malicious HTML/JS into the styleshee...
CVE-2025-61674
October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerability was identified in October CMS backend configuration forms. A user with the Global Editor Settings permission could inject malicious HTML/JS into the styleshee...
CVE-2025-61674 October CMS Vulnerable to Stored XSS via Editor and Branding Styles
October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerability was identified in October CMS backend configuration forms. A user with the Global Editor Settings permission could inject malicious HTML/JS into the styleshee...
CVE-2025-61674
CVE-2025-61674 concerns October CMS. An XSS vulnerability exists in backend configuration forms where a user with Global Editor Settings can inject HTML/JS into the Markup Styles stylesheet input. A crafted input can escape the context, enabling arbitrary script execution on backend pages for al...
CVE-2025-61674 October CMS Vulnerable to Stored XSS via Editor and Branding Styles
October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerability was identified in October CMS backend configuration forms. A user with the Global Editor Settings permission could inject malicious HTML/JS into the styleshee...
CVE-2025-61674 October CMS Vulnerable to Stored XSS via Editor and Branding Styles
October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerability was identified in October CMS backend configuration forms. A user with the Global Editor Settings permission could inject malicious HTML/JS into the styleshee...
PT-2026-1832
Name of the Vulnerable Software and Affected Versions October versions prior to 3.7.13 October versions prior to 4.0.12 Description October is a Content Management System CMS and web platform. A cross-site scripting XSS issue exists in October CMS backend configuration forms. A user possessing th...
GHSA-GXXC-M74C-F48X October CMS Vulnerable to Stored XSS via Editor and Branding Styles
A cross-site scripting XSS vulnerabilities was identified in October CMS backend configuration forms: - Editor Settings Markup Styles A user with the Global Editor Settings permission could inject malicious HTML/JS into the stylesheet input at Settings → Editor Settings → Markup Styles. A special...
October CMS Vulnerable to Stored XSS via Editor and Branding Styles
A cross-site scripting XSS vulnerabilities was identified in October CMS backend configuration forms: - Editor Settings Markup Styles A user with the Global Editor Settings permission could inject malicious HTML/JS into the stylesheet input at Settings → Editor Settings → Markup Styles. A special...