Vulnerabilidades em octobercms
39 resultadosCVE-2023-44383MEDIUMOctober CMS stored XSS by authenticated backend user with improper configurationEPSS 0.4%CVE-2026-22692MEDIUMOctober CMS: Twig Sandbox Bypass via Collection MethodsEPSS 0.4%CVE-2026-25125MEDIUMOctober CMS: Environment Variable Exfiltration via INI Parser InterpolationEPSS 0.3%CVE-2020-15248MEDIUMPrivilege escalation by backend users assigned to the default "Publisher" system roleEPSS 0.3%CVE-2024-51991LOWOctober CMS Allows Unprotected SVG Rename in Media ManagerEPSS 0.3%CVE-2020-15247MEDIUMTwig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.EPSS 0.3%CVE-2020-26231MEDIUMBypass of fix for CVE-2020-15247, Twig sandbox escapeEPSS 0.3%CVE-2024-24764LOWOctober Open Redirect for Administrator AccountsEPSS 0.3%CVE-2024-25637LOWReflected XSS via X-October-Request-Handler HeaderEPSS 0.3%CVE-2021-21264MEDIUMBypass of fix for CVE-2020-26231, Twig sandbox escapeEPSS 0.3%CVE-2026-24906MEDIUMOctober CMS has Stored XSS in its Backend Editor Markup ClassesEPSS 0.3%CVE-2026-26067MEDIUMOctober: Safe Mode Bypass via CSS Preprocessor CompilersEPSS 0.2%CVE-2026-26274MEDIUMOctober: Safe Mode Bypass via Twig Database Write OperationsEPSS 0.2%CVE-2026-25133MEDIUMOctober CMS has Stored XSS via SVG Filter BypassEPSS 0.2%CVE-2026-24907MEDIUMOctober CMS has Stored XSS via Event Log Mail PreviewEPSS 0.2%CVE-2025-61674MEDIUMOctober CMS Vulnerable to Stored XSS via Editor and Branding StylesEPSS 0.2%CVE-2025-61676MEDIUMOctober CMS Vulnerable to Stored XSS via Branding StylesEPSS 0.2%CVE-2026-29179LOWOctober: Editor Sub-Permission Bypass for Asset and Blueprint File OperationsEPSS 0.1%CVE-2026-27937LOWOctober: Reflected XSS via DataTable Form WidgetEPSS 0.1%