67 matches found
CVE-2025-11027 givanz Vvveb SVG File cross site scripting
A vulnerability was identified in givanz Vvveb up to 1.0.7.2. Affected by this issue is some unknown functionality of the component SVG File Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used. Once aga...
CVE-2025-11027
The CVE-2025-11027 issue affects givanz Vvveb up to version 1.0.7.2, specifically in the SVG File Handler component. The root cause is a cross-site scripting vulnerability that could be triggered remotely. Exploitation is described as publicly available in referenced sources. Remediation provided...
Vvveb 安全漏洞
Vvveb is a powerful and easy-to-use CMS from Givan Individual Developers for building websites, blogs or e-commerce stores. A security vulnerability exists in Vvveb version 1.0.7.2 and earlier, which stems from an unknown functionality issue in the component SVG File Handler that could lead to...
PT-2025-39655
Name of the Vulnerable Software and Affected Versions givanz Vvveb versions up to 1.0.7.2 Description A cross-site scripting issue exists in the SVG File Handler component. This manipulation can be launched remotely. The exploit is publicly available. Recommendations Update to a version beyond...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the logoNavbar or logoLogin arguments in the SVG File Handler component of the /admin path. An attacker can inject and execute arbitrary scripts by supplying crafted input to these arguments. Details...
GHSA-4C44-R8RM-3P39 Mangati NovoSGA XSS vulnerability in /admin
A security flaw has been discovered in Mangati NovoSGA up to 2.2.9. The impacted element is an unknown function of the file /admin of the component SVG File Handler. Performing manipulation of the argument logoNavbar/logoLogin results in cross site scripting. Remote exploitation of the attack is...
Mangati NovoSGA XSS vulnerability in /admin
A security flaw has been discovered in Mangati NovoSGA up to 2.2.9. The impacted element is an unknown function of the file /admin of the component SVG File Handler. Performing manipulation of the argument logoNavbar/logoLogin results in cross site scripting. Remote exploitation of the attack is...
CVE-2025-10909
A security flaw has been discovered in Mangati NovoSGA up to 2.2.9. The impacted element is an unknown function of the file /admin of the component SVG File Handler. Performing manipulation of the argument logoNavbar/logoLogin results in cross site scripting. Remote exploitation of the attack is...
CVE-2025-10909 Mangati NovoSGA SVG File admin cross site scripting
A security flaw has been discovered in Mangati NovoSGA up to 2.2.9. The impacted element is an unknown function of the file /admin of the component SVG File Handler. Performing manipulation of the argument logoNavbar/logoLogin results in cross site scripting. Remote exploitation of the attack is...
CVE-2025-10909 Mangati NovoSGA SVG File admin cross site scripting
A security flaw has been discovered in Mangati NovoSGA up to 2.2.9. The impacted element is an unknown function of the file /admin of the component SVG File Handler. Performing manipulation of the argument logoNavbar/logoLogin results in cross site scripting. Remote exploitation of the attack is...
PT-2025-39289
Name of the Vulnerable Software and Affected Versions Mangati NovoSGA versions through 2.2.9 Description A security flaw exists in Mangati NovoSGA. The issue is related to cross site scripting within the SVG File Handler component, specifically affecting the file /admin. Manipulation of the...
CVE-2025-10253
A vulnerability has been found in openDCIM 23.04. This vulnerability affects unknown code of the file /scripts/uploadifive.php of the component SVG File Handler. Such manipulation of the argument Filedata leads to cross site scripting. The attack can be launched remotely. The exploit has been...
CVE-2025-10253 openDCIM SVG File uploadifive.php cross site scripting
A vulnerability has been found in openDCIM 23.04. This vulnerability affects unknown code of the file /scripts/uploadifive.php of the component SVG File Handler. Such manipulation of the argument Filedata leads to cross site scripting. The attack can be launched remotely. The exploit has been...
CVE-2025-9145
A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file viewedit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross site scripting. The attack can be launched remotely. The...
Scada-LTS 代码注入漏洞
Scada-LTS is an open source, web-based, multi-platform solution from Scada-LTS Open Source. A code injection vulnerability exists in Scada-LTS version 2.7.8.1, which originates from a cross-site scripting attack due to misuse of the file viewedit.shtm parameter backgroundImageMP in the component...
CVE-2025-3568
A vulnerability has been found in Webkul Krayin CRM up to 2.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/settings/users/edit/ of the component SVG File Handler. The manipulation leads to cross site scripting. The attack can be...
CVE-2025-3568
A vulnerability has been found in Webkul Krayin CRM up to 2.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/settings/users/edit/ of the component SVG File Handler. The manipulation leads to cross site scripting. The attack can be...
CVE-2025-3568
A vulnerability has been found in Webkul Krayin CRM up to 2.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/settings/users/edit/ of the component SVG File Handler. The manipulation leads to cross site scripting. The attack can be...
CVE-2025-3568 Webkul Krayin CRM SVG File edit cross site scripting
A vulnerability has been found in Webkul Krayin CRM up to 2.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/settings/users/edit/ of the component SVG File Handler. The manipulation leads to cross site scripting. The attack can be...
CVE-2025-3568
CVE-2025-3568 affects Webkul Krayin CRM