CVE-2026-24907 | October CMS up to 3.7.13/4.1.9 Mail Message cross site scripting (GHSA-j4j5-9x6g-rgxc)

A vulnerability marked as problematic has been reported in October CMS up to 3.7.13/4.1.9. Impacted is an unknown function of the component Mail Message Handler. This manipulation causes cross site scripting.

This vulnerability is handled as CVE-2026-24907. The attack can be initiated remotely. There is not any exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More