Low severity3.1NVD Advisory· Published Apr 21, 2026· Updated Apr 22, 2026
CVE-2026-27937
CVE-2026-27937
Description
October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, a reflected Cross-Site Scripting (XSS) vulnerability was identified in the backend DataTable widget where a query parameter was rendered without proper output escaping. This vulnerability is fixed in 3.7.16 and 4.1.16.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
october/systemPackagist | < 3.7.16 | 3.7.16 |
october/systemPackagist | >= 4.0.0 | — |
Affected products
1Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.