64 matches found
CVE-2025-60452
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download\admin\downloadadmin.class.php component. The vulnerability allows attackers to upload malicious SVG...
EUVD-2025-32299
Malicious code in bioql PyPI...
EUVD-2025-32300
Malicious code in bioql PyPI...
EUVD-2025-32302
Malicious code in bioql PyPI...
CVE-2025-60454
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\imgadmin.class.php component. The vulnerability allows attackers to upload malicious SVG files containi...
CVE-2025-60454
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\imgadmin.class.php component. The vulnerability allows attackers to upload malicious SVG files containi...
CVE-2025-60450
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw allows attackers to...
CVE-2025-60450
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw allows attackers to...
CVE-2025-60451
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\uploadify.class.php component, specifically in the website settings module...
CVE-2025-60453
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the column management module, specifically in the app\system\column\admin\index.class.php component. The vulnerability allows attackers to upload malicious SVG files...
CVE-2025-60452
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download\admin\downloadadmin.class.php component. The vulnerability allows attackers to upload malicious SVG...
CVE-2025-60453
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the column management module, specifically in the app\system\column\admin\index.class.php component. The vulnerability allows attackers to upload malicious SVG files...
CVE-2025-60452
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download\admin\downloadadmin.class.php component. The vulnerability allows attackers to upload malicious SVG...
CVE-2025-60452
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download\admin\downloadadmin.class.php component. The vulnerability allows attackers to upload malicious SVG...
MetInfo CMS 安全漏洞
MetInfo CMS is a content management system CMS from China's Mito MetInfo. A security vulnerability exists in MetInfo CMS version 8.0, which originates from insufficient validation when uploading a malicious SVG file in the Columns Management module, which could lead to a stored cross-site scripti...
CVE-2025-60453
MetInfo CMS 8.0 is affected in the column management module (app\system\column\admin\index.class.php). The issue is a stored XSS vulnerability that allows attackers to upload SVG files containing JavaScript, which executes when the uploaded file is viewed or accessed by users. This aligns with mu...
CVE-2025-60453
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the column management module, specifically in the app\system\column\admin\index.class.php component. The vulnerability allows attackers to upload malicious SVG files...
CVE-2025-60454
MetInfo CMS 8.0 is affected in the image management module. The XSS vulnerability arises from unvalidated SVG uploads in the file path app\system\img\admin\img_admin.class.php, enabling stored JavaScript execution when users view/access the uploaded SVG. Multiple connected sources corroborate thi...
CVE-2025-60451
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\uploadify.class.php component, specifically in the website settings module...
MetInfo CMS 安全漏洞
MetInfo CMS is a content management system CMS from China's Mito MetInfo. A security vulnerability exists in MetInfo CMS version 8.0, which stems from an unvalidated SVG file input in the download management module, which could lead to a stored cross-site scripting attack...