#Exploit Title: October CMS v3.4.4 - Stored Cross-Site Scripting (XSS) (Authenticated)#Date: 29 June 2023#Exploit Author: Okan Kurtulus#Vendor Homepage: https://octobercms.com#Version: v3.4.4#Tested on: Ubuntu 22.04#CVE : N/A# Proof of Concept:1– Install the system through the website and log in with any user with file upload authority.2– Select "Media" in the top menu. Prepare an SVG file using