6.2 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
45.2%
Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file.
craftcms.com/changelog
packetstormsecurity.com/files/142851/Craft-CMS-2.6-Cross-Site-Scripting-File-Upload.html
twitter.com/CraftCMS/status/872599894912937984
www.exploit-db.com/exploits/42143/