CVE-2025-60445
CVE-2025-60445 affects XunRuiCMS 4.7.1. Root cause: insufficient validation of SVG uploads in dayrui/Fcms/Library/Upload.php, enabling stored XSS when the uploaded file is viewed. Impact: injected JavaScript code executes in the context of the uploaded SVG. Remediation: no patch/fix details provi...