CVE-2025-61676 | October CMS up to 3.7.12/4.0.11 Customize Backend Styles cross site scripting (GHSA-wvpq-h33f-8rp6)

A vulnerability was found in October CMS up to 3.7.12/4.0.11. It has been classified as problematic. Affected by this issue is some unknown functionality of the component Customize Backend Styles. This manipulation causes cross site scripting.

The identification of this vulnerability is CVE-2025-61676. It is possible to initiate the attack remotely. There is no exploit available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More