october/system Security Advisories for 1.0.x-dev (5)
-
[MEDIUM] October CMS has Stored XSS in Event Log Mail Preview
PKSA-57nm-kh7g-ddrg CVE-2026-24907 GHSA-j4j5-9x6g-rgxc
Affected version: <=3.7.13|>=4.0.0,<=4.1.9
Reported by:
GitHub -
[MEDIUM] October CMS has Stored XSS in Backend Editor Markup Classes
PKSA-44b4-zdw9-q1j5 CVE-2026-24906 GHSA-6qmh-j78v-ffp7
Affected version: <=3.7.13|>=4.0.0,<=4.1.9
Reported by:
GitHub -
[MEDIUM] October CMS Vulnerable to Stored XSS via Branding Styles
PKSA-bbp3-wdjz-b51v CVE-2025-61676 GHSA-wvpq-h33f-8rp6
Affected version: >=4.0.0,<=4.0.11|<=3.7.12
Reported by:
GitHub -
[MEDIUM] October CMS Vulnerable to Stored XSS via Editor and Branding Styles
PKSA-4qp4-vb8r-g3zj CVE-2025-61674 GHSA-gxxc-m74c-f48x
Affected version: >=4.0.0,<=4.0.11|<=3.7.12
Reported by:
GitHub -
[LOW] October CMS Allows Unprotected SVG Rename in Media Manager
PKSA-q2z3-dfft-h9n9 CVE-2024-51991 GHSA-96hh-8hx5-cpw7
Affected version: <3.7.5
Reported by:
GitHub