A vulnerability labeled as problematic has been found in October CMS up to 3.7.13/4.1.9 . This issue affects some unknown processing of the component Setting Handler . The manipulation results in cross site scripting. This vulnerability is known as CVE-2026-24906 . It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.