October · October Cms · CVE-2015-5612
**Name of the Vulnerable Software and Affected Versions**
October CMS versions prior to build 272
**Description**
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `caption` tag of a profile image.
**Recommendations**
For October CMS versions prior to build 272, update to build 272 or later to resolve the issue. As a temporary workaround, consider restricting the use of the caption tag in profile images until a patch is applied.