CVE-2026-30117

scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file...

CVE-2026-33741

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to upload SVG attachments through normal attachment-capable fields and later serve those SVG files as top-level inline documents through both the attachment and image entry...

CVE-2026-30117

scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file...

CVE-2021-47955

CVE-2021-47955 affects CouchCMS 2.2.1 and describes a cross-site scripting vulnerability via SVG file uploads. An authenticated attacker can upload SVG files containing embedded script tags through the file upload functionality, which are then executed in other users’ browsers when the files are ...

EUVD-2021-34823

CouchCMS 2.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript by uploading malicious SVG files through the file upload functionality. Attackers can upload SVG files containing embedded script tags to the browse.php endpoint, which...

PT-2026-41452

Name of the Vulnerable Software and Affected Versions CouchCMS version 2.2.1 Description Authenticated attackers can execute arbitrary JavaScript by uploading malicious SVG files through the file upload functionality. This occurs when SVG files containing embedded script tags are uploaded to the...

phpMyFAQ: SVG Sanitizer Entity Decoding Depth Limit Bypass Leading to Stored XSS

phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities that limits recursive entity decoding to 5 iterations, allowing attackers to bypass sanitization. Authenticated users with FAQEDIT permission can upload malicious SVG files with deeply...

CVE-2026-46360

phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities that limits recursive entity decoding to 5 iterations, allowing attackers to bypass sanitization. Authenticated users with FAQEDIT permission can upload malicious SVG files with deeply...

CVE-2021-47958 CouchCMS 2.2.1 Server-Side Request Forgery via SVG upload

CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files. Attackers can upload SVG files containing external entity references through the browse.php endpoint to access internal service...

CVE-2021-47958

CVE-2021-47958 affects CouchCMS 2.2.1 and is a server-side request forgery via SVG upload. An authenticated attacker can upload SVG files containing external entity references through the browse.php endpoint to trigger arbitrary HTTP requests from the server, enabling access to internal services ...

CVE-2021-47958 CouchCMS 2.2.1 Server-Side Request Forgery via SVG upload

CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files. Attackers can upload SVG files containing external entity references through the browse.php endpoint to access internal service...

CVE-2025-70842

A Stored Cross-Site Scripting XSS vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who...

CVE-2025-70842

A Stored Cross-Site Scripting XSS vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who...

CVE-2025-70842

A Stored Cross-Site Scripting XSS vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who...

Cross-site Scripting (XSS)

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Cross-site Scripting XSS via the decodeAllEntities function. An attacker can execute arbitrary JavaScript in the context of the application origin by...

GHSA-3446-6MGW-F79P Grav is Vulnerable to XXE via SVG Upload

Dear Grav Security Team, A security vulnerability was discovered in Grav CMS that allows authenticated attackers to read arbitrary files from the server through XML External Entity XXE injection. Vulnerability Summary | Field | Details | |-------|---------| | Vulnerability Type | XML External...

CVE-2026-42138

CVE-2026-42138 affects Dify (open-source LLM app development platform). Before v1.13.1, an SVG upload via POST /api/files/upload allowed unauthenticated XSS, and POST /v1/files/upload was also vulnerable when authenticated. The issue is patched in v1.13.1. Impact is stored XSS; remediation is upg...

CVE-2026-42138

Dify is an open-source LLM app development platform. Prior to version 1.13.1, using the method POST /api/files/upload, any unauthenticated user can upload an SVG file with XSS. The method POST /v1/files/upload, which requires authentication through the application API, is also vulnerable. This...

CVE-2026-42138 Dify Vulnerable to Stored XSS via SVG-file upload

Dify is an open-source LLM app development platform. Prior to version 1.13.1, using the method POST /api/files/upload, any unauthenticated user can upload an SVG file with XSS. The method POST /v1/files/upload, which requires authentication through the application API, is also vulnerable. This...

PT-2026-36885

Name of the Vulnerable Software and Affected Versions Dify versions prior to 1.13.1 Description An issue exists in this open-source LLM app development platform where users can upload SVG files containing Cross-Site Scripting XSS, which is a technique that allows attackers to execute malicious...