CVE-2017-1000193

Name of the Vulnerable Software and Affected Versions October CMS build 412

Description The issue allows for stored XSS in the brand logo image name, resulting in JavaScript code execution in the victim's browser. This occurs because the brand logo image name is not properly sanitized, enabling an attacker to inject malicious JavaScript code.

Recommendations For October CMS build 412, update the build to a version that includes a fix for this issue, or as a temporary workaround, consider validating and sanitizing all user-inputted data for the brand logo image name to prevent JavaScript code execution.