[MEDIUM] October Rain has Stored XSS via SVG Filter Bypass

PKSA-22sk-dxft-df3d CVE-2026-25133 GHSA-gcqv-f29m-67gr

Affected package: october/rain

Affected version: <=3.7.13|>=4.0.0,<=4.1.9

Reported by:
GitHub