october/system Security Advisories for v1.1.11 (4)
-
[MEDIUM] October CMS Vulnerable to Stored XSS via Branding Styles
PKSA-bbp3-wdjz-b51v CVE-2025-61676 GHSA-wvpq-h33f-8rp6
Affected version: >=4.0.0,<=4.0.11|<=3.7.12
Reported by:
GitHub -
[MEDIUM] October CMS Vulnerable to Stored XSS via Editor and Branding Styles
PKSA-4qp4-vb8r-g3zj CVE-2025-61674 GHSA-gxxc-m74c-f48x
Affected version: >=4.0.0,<=4.0.11|<=3.7.12
Reported by:
GitHub -
[LOW] October CMS Allows Unprotected SVG Rename in Media Manager
PKSA-q2z3-dfft-h9n9 CVE-2024-51991 GHSA-96hh-8hx5-cpw7
Affected version: <3.7.5
Reported by:
GitHub -
[HIGH] October CMS upload process vulnerable to RCE via Race Condition
PKSA-yr75-7y9f-cxw9 CVE-2022-24800 GHSA-8v7h-cpc2-r8jp
Affected version: >=2.0.0,<2.2.15|>=1.1.0,<1.1.12|<1.0.476
Reported by:
GitHub