14 matches found
CVE-2025-13415
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely...
CVE-2025-13415
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely...
CVE-2025-13415
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely...
CVE-2025-13415
CVE-2025-13415 affects icret EasyImages up to 2.8.6. The issue lies in the SVG Image Handler’s /app/upload.php where manipulating the File parameter enables cross-site scripting. Attacks are described as remotely initiable. The Red Hat and other feeds corroborate the same vulnerability details. N...
CVE-2025-13415 icret EasyImages SVG Image upload.php cross site scripting
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely...
CVE-2025-13415 icret EasyImages SVG Image upload.php cross site scripting
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely...
EUVD-2025-28920
Malicious code in bioql PyPI...
CVE-2025-10254
A vulnerability was found in Ascensio System SIA OnlyOffice up to 12.7.0. This issue affects some unknown processing of the file /Products/Projects/Messages.aspx of the component SVG Image Handler. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The...
CVE-2025-10254
A vulnerability was found in Ascensio System SIA OnlyOffice up to 12.7.0. This issue affects some unknown processing of the file /Products/Projects/Messages.aspx of the component SVG Image Handler. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The...
CVE-2025-10254 Ascensio System SIA OnlyOffice SVG Image Messages.aspx cross site scripting
A vulnerability was found in Ascensio System SIA OnlyOffice up to 12.7.0. This issue affects some unknown processing of the file /Products/Projects/Messages.aspx of the component SVG Image Handler. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The...
CVE-2025-10254
Affected software: Ascensio System SIA OnlyOffice up to 12.7.0. Vulnerable component: SVG Image Handler processing of /Products/Projects/Messages.aspx. Root cause: unknown processing leads to cross-site scripting. Impact: cross-site scripting with remote initiation potential; exploit publicly ava...
Ascensio System ONLYOFFICE 安全漏洞
Ascensio System ONLYOFFICE is an office software from Ascensio System, Latvia. A security vulnerability exists in Ascensio System ONLYOFFICE version 12.7.0 and earlier, which stems from improper handling of the SVG Image Handler component in file/Products/Projects/Messages.aspx, which could lead ...
PT-2025-37191
Name of the Vulnerable Software and Affected Versions: OnlyOffice versions up to 12.7.0 Description: A cross site scripting issue exists due to unknown processing of the file /Products/Projects/Messages.aspx within the SVG Image Handler component. The attack can be initiated remotely. The exploit...
Privilege Escalation
Firefox Firefox ESR and Thunderbird are vulnerable to privilege escalation. A remote user can create a specially crafted SVG image that, when loaded by the target user, will access restricted external resources via 'data:' URLs. The affected component is SVG Image Handler...