A vulnerability marked as problematic has been reported in October CMS up to 3.7.13/4.1.9 . Impacted is an unknown function of the component Mail Message Handler . This manipulation causes cross site scripting. This vulnerability is handled as CVE-2026-24907 . The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.