CVE-2026-24906 | October CMS up to 3.7.13/4.1.9 Setting cross site scripting (GHSA-6qmh-j78v-ffp7)

A vulnerability labeled as problematic has been found in October CMS up to 3.7.13/4.1.9. This issue affects some unknown processing of the component Setting Handler. The manipulation results in cross site scripting.

This vulnerability is known as CVE-2026-24906. It is possible to launch the attack remotely. No exploit is available.

The affected component should be upgraded.VulDB Recent EntriesRead More