[MEDIUM] October CMS has Stored XSS in Backend Editor Markup Classes

PKSA-44b4-zdw9-q1j5 CVE-2026-24906 GHSA-6qmh-j78v-ffp7

Affected package: october/system

Affected version: <=3.7.13|>=4.0.0,<=4.1.9

Reported by:
GitHub