14 matches found
CVE-2025-13415
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely...
CVE-2025-13415
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely...
CVE-2025-13415
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely...
CVE-2025-13415 icret EasyImages SVG Image upload.php cross site scripting
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely...
CVE-2025-13415 icret EasyImages SVG Image upload.php cross site scripting
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely...
CVE-2025-13415
CVE-2025-13415 affects icret EasyImages up to 2.8.6. The issue lies in the SVG Image Handler’s /app/upload.php where manipulating the File parameter enables cross-site scripting. Attacks are described as remotely initiable. The Red Hat and other feeds corroborate the same vulnerability details. N...
EUVD-2025-28920
Malicious code in bioql PyPI...
CVE-2025-10254
A vulnerability was found in Ascensio System SIA OnlyOffice up to 12.7.0. This issue affects some unknown processing of the file /Products/Projects/Messages.aspx of the component SVG Image Handler. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The...
CVE-2025-10254
A vulnerability was found in Ascensio System SIA OnlyOffice up to 12.7.0. This issue affects some unknown processing of the file /Products/Projects/Messages.aspx of the component SVG Image Handler. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The...
CVE-2025-10254
Affected software: Ascensio System SIA OnlyOffice up to 12.7.0. Vulnerable component: SVG Image Handler processing of /Products/Projects/Messages.aspx. Root cause: unknown processing leads to cross-site scripting. Impact: cross-site scripting with remote initiation potential; exploit publicly ava...
CVE-2025-10254 Ascensio System SIA OnlyOffice SVG Image Messages.aspx cross site scripting
A vulnerability was found in Ascensio System SIA OnlyOffice up to 12.7.0. This issue affects some unknown processing of the file /Products/Projects/Messages.aspx of the component SVG Image Handler. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The...
Ascensio System ONLYOFFICE 安全漏洞
Ascensio System ONLYOFFICE is an office software from Ascensio System, Latvia. A security vulnerability exists in Ascensio System ONLYOFFICE version 12.7.0 and earlier, which stems from improper handling of the SVG Image Handler component in file/Products/Projects/Messages.aspx, which could lead ...
PT-2025-37191
Name of the Vulnerable Software and Affected Versions: OnlyOffice versions up to 12.7.0 Description: A cross site scripting issue exists due to unknown processing of the file /Products/Projects/Messages.aspx within the SVG Image Handler component. The attack can be initiated remotely. The exploit...
Privilege Escalation
Firefox Firefox ESR and Thunderbird are vulnerable to privilege escalation. A remote user can create a specially crafted SVG image that, when loaded by the target user, will access restricted external resources via 'data:' URLs. The affected component is SVG Image Handler...