october/system Security Advisories for 1.1.x-dev (3)
-
[MEDIUM] October CMS Vulnerable to Stored XSS via Branding Styles
PKSA-bbp3-wdjz-b51v CVE-2025-61676 GHSA-wvpq-h33f-8rp6
Affected version: >=4.0.0,<=4.0.11|<=3.7.12
Reported by:
GitHub -
[MEDIUM] October CMS Vulnerable to Stored XSS via Editor and Branding Styles
PKSA-4qp4-vb8r-g3zj CVE-2025-61674 GHSA-gxxc-m74c-f48x
Affected version: >=4.0.0,<=4.0.11|<=3.7.12
Reported by:
GitHub -
[LOW] October CMS Allows Unprotected SVG Rename in Media Manager
PKSA-q2z3-dfft-h9n9 CVE-2024-51991 GHSA-96hh-8hx5-cpw7
Affected version: <3.7.5
Reported by:
GitHub