Daftspunk

**Name of the Vulnerable Software and Affected Versions** October versions prior to 3.7.14 October versions prior to 4.1.10 **Description** A stored cross-site scripting (XSS) issue exists in the SVG sanitization logic. The regex pattern used to strip event handler attributes, such as `onclick` or `onload`, can be bypassed using a crafted payload that exploits how the pattern matches attribute boundaries. This allows malicious SVG files with embedded JavaScript to be uploaded through the Media Manager. Exploitation requires authenticated backend access with `media.library.create` permissions and occurs when the SVG is viewed or embedded in a page. This could lead to privilege escalation if a superuser views the file. **Recommendations** Update to version 3.7.14. Update to version 4.1.10. Disable SVG uploads by adding `svg` to the blocked extensions in media configuration. Set `media.clean vectors` to `true` in configuration.

**Name of the Vulnerable Software and Affected Versions** October versions prior to 1.0.472 October versions prior to 1.1.2 **Description** An issue was discovered where an old session ID is reactivated once a new login occurs, violating the intended authentication behavior. This issue is relevant if an old session ID is known to an attacker. When logging out, the session ID was not invalidated, which means that anyone who gained access to the old session cookie would be able to act as the logged-in user. **Recommendations** For versions prior to 1.0.472, update to Build 472 or apply the patch from https://github.com/octobercms/library/commit/642f597489e6f644d4bd9a0c267e864cabead024 to your installation manually. For versions prior to 1.1.2, update to v1.1.2 or apply the patch from https://github.com/octobercms/library/commit/642f597489e6f644d4bd9a0c267e864cabead024 to your installation manually.