CNNVD-202601-1747 Information

CNNVD ID

CNNVD-202601-1747

Related CVE

CVE-2025-61676

• CNNVD Published: 2026-01-10

Description (Chinese)

October CMS是October CMS公司的一套基于PHP和Laravel Web应用程序框架的开源内容管理系统（CMS）。 October CMS 3.7.13之前版本和4.0.12之前版本存在跨站脚本漏洞，该漏洞源于后端配置表单中清理和转义不足，可能导致跨站脚本攻击。

Description (English)

October CMS is an open-source content management system (CMS) based on the PHP and Laravel Web application framework of October CMS. The pre-October CMS 3.7.13 and pre-4.012 have a cross-site script loophole, which stems from inadequate clean-up and conversion in the back-end configuration forms and may lead to cross-site script attacks.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

October CMS

Published

2026-01-10

Last Modified

2026-02-24

References

https://github.com/octobercms/october/security/advisories/GHSA-wvpq-h33f-8rp6 https://access.redhat.com/security/cve/cve-2025-61676

Patch

https://github.com/octobercms/october/releases