OctoberCMS is a CMS similar to WordPress, but with much less "fluff". The SECURELI.com team identified the latest version of OctoberCMS relying on Bootstrap 3.3.7, jQuery 1.11.1, and jQuery 3.3.1. All of these dependencies are vulnerable.
f681fa16535fadc7191cd66f822dffa7d216f8af2a34f5deedc5787f586eef6a
October CMS version 3.4.4 suffers from a persistent cross site scripting vulnerability.
2a6cf254ba269a88aeaf0ea65b1a5330b5a6a87f4df89efa2421d3ebf8f202a0
October CMS builds 465 and below suffer from arbitrary file read, arbitrary file deletion, file uploading to arbitrary locations, persistent and reflective cross site scripting, and CSV injection vulnerabilities.
db161c36ea18421b21654c361479e95224d40c18622344eb445b051377246742
October CMS User plugin version 1.4.5 suffers from a persistent cross site scripting vulnerability.
2542351c0db2686c16ac211c741d58a6096bc2da3e0f49b94409072994f16c19
October CMS versions prior to 1.0.431 suffer from a cross site scripting vulnerability.
1c24c99210f1e4aae61e494bd1776271475f0fa22bd94c356ae4fecbe8cc6793
OctoberCMS version 1.0.426 (Build 426) suffers from a cross site request forgery vulnerability.
ccff89bd09fbd52d37f55db26fc77ecdbafe040098e2fd831759890dff129ae2
OctoberCMS version 1.0.425 suffers from a stored cross site scripting vulnerability.
3df000b7a5627cbc2f13686698775fb84026d7281fc3bd4fb07cb5597369b8c1
October CMS version 1.0.412 suffers from access bypass, cross site scripting, code execution, and remote shell upload vulnerabilities.
f133ae1a00c61dc5828a8d5a4a01eaa1cff8d008fd292fc06836a939242285de