[LOW] October CMS vulnerable to Potential Host Header Poisoning on misconfigured servers

PKSA-qdcz-hc2r-sgmp CVE-2021-21265 GHSA-xhfx-hgmf-v6vp

Affected version: <1.1.2

Reported by:
GitHub

[LOW] Privilege escalation by backend users assigned to the default "Publisher" system role

PKSA-n1yr-6tth-9x9n CVE-2020-15248 GHSA-rfjc-xrmf-5vvw

Affected version: >=1.0.319,<1.0.470

Reported by:
GitHub