
17 matches found

Github Security Blog · added 2026/06/17 2:15 p.m. · 13 views

Open WebUI: Stored XSS to Account Takeover via Model Profile Images

Stored XSS to Account Takeover via Model Profile Images in Open WebUI Affected: Open WebUI tags. On the output side, users.py added a MIME allowlist check and X-Content-Type-Options: nosniff. The fix was applied to UserUpdateForm, UpdateProfileForm, and later to ChannelWebhookForm. Three models...

CVSS 7.6 · AI score 5.3 · EPSS 0.00174
Exploits 1 · References 2 · Affected software 1
RedhatCVE · added 2026/06/05 7:30 p.m. · 7 views

CVE-2026-42138

Dify is an open-source LLM app development platform. Prior to version 1.13.1, using the method POST /api/files/upload, any unauthenticated user can upload an SVG file with XSS. The method POST /v1/files/upload, which requires authentication through the application API, is also vulnerable. This...

CVSS 6.9 · AI score 5.4 · EPSS 0.00235
Exploits 1 · References 1
RedhatCVE · added 2026/03/26 3:09 p.m. · 4 views

CVE-2026-33311

DiceBear is an avatar library for designers and developers. Starting in version 5.0.0 and prior to versions 5.4.4, 6.1.4, 7.1.4, 8.0.3, and 9.4.1, SVG attribute values derived from user-supplied options backgroundColor, fontFamily, textColor were not XML-escaped before interpolation into SVG...

CVSS 4.7 · AI score 5.8 · EPSS 0.00181
Exploits 0 · References 1
RedhatCVE · added 2026/03/26 3:03 p.m. · 7 views

CVE-2026-30948

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.4 and 8.6.17, a stored cross-site scripting XSS vulnerability allows any authenticated user to upload an SVG file containing JavaScript. The file is served inline with...

CVSS 8.3 · AI score 5.7 · EPSS 0.00216
Exploits 0 · References 1
Vulnrichment · added 2026/03/20 3:33 a.m. · 3 views

CVE-2026-32940 SiYuan has a SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE-2026-29183)

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, SanitizeSVG has an incomplete blocklist — it blocks data:text/html and data:image/svg+xml in href attributes but misses data:text/xml and data:application/xml, both of which can render SVG with JavaScript execution. Th...

CVSS 9.3 · AI score 5.7 · EPSS 0.00302
Exploits 1 · References 4
OSV · added 2026/03/05 6:31 p.m. · 5 views

OPENSUSE-SU-2026:20323-1 Security update for roundcubemail

This update for roundcubemail fixes the following issues: Changes to roundcubemail: Update to 1.6.13: This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: + Fix CSS injection vulnerability reported by CERT Polsk...

CVSS 7.5 · AI score 5.9 · EPSS 0.19769
Exploits 3 · References 8
Github Security Blog · added 2025/12/08 9:30 p.m. · 7 views

NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content

Summary A Cross-Site Scripting XSS vulnerability exists in the ui.interactive_image component of NiceGUI v3.3.1 and earlier. The component renders SVG content using Vue's v-html directive without any sanitization. This allows attackers to inject malicious HTML or JavaScript via the SVG tag. Detail...

CVSS 6.1 · AI score 5.6 · EPSS 0.00223
Exploits 2 · References 4 · Affected software 1
OSV · added 2025/12/05 4:22 p.m. · 2 views

CVE-2025-66512 Nextcloud Server vulnerable to XSS in SVG images when opened outside of Nextcloud

Nextcloud Server is a self-hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user into viewing an uploaded SVG outside...

CVSS 5.4 · AI score 6.5 · EPSS 0.00233
Exploits 0 · References 6
Cvelist · added 2025/12/05 4:22 p.m. · 17 views

CVE-2025-66512 Nextcloud Server vulnerable to XSS in SVG images when opened outside of Nextcloud

Nextcloud Server is a self-hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user into viewing an uploaded SVG outside...

CVSS 5.4 · EPSS 0.00233
Exploits 0 · References 4
Vulnrichment · added 2025/12/05 4:22 p.m. · 2 views

CVE-2025-66512 Nextcloud Server vulnerable to XSS in SVG images when opened outside of Nextcloud

Nextcloud Server is a self-hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user into viewing an uploaded SVG outside...

CVSS 5.4 · AI score 6.2 · EPSS 0.00233
Exploits 0 · References 4
EUVD · added 2025/10/03 8:07 p.m. · 3 views

EUVD-2023-0483

Malicious code in bioql PyPI...

CVSS 7.6 · AI score 6.6 · EPSS 0.00571
Exploits 1 · References 4
Cvelist · added 2025/09/24 6:15 p.m. · 8 views

CVE-2025-59525 Horilla has Improper Input Sanitization Leading to XSS and Admin Account Takeover

Horilla is a free and open source Human Resource Management System HRMS. Prior to version 1.4.0, improper sanitization across the application allows XSS via uploaded SVG and via allowed , which can be chained to execute JavaScript whenever users view impacted content e.g., announcements. This can...

CVSS 7.7 · EPSS 0.00271
Exploits 1 · References 3
Positive Technologies · added 2024/12/06 12:00 a.m. · 3 views

PT-2024-17544

Name of the Vulnerable Software and Affected Versions Jirafeau affected versions not specified Description The issue concerns a case insensitive MIME type bypass that enables SVG XSS in Jirafeau. Normally, Jirafeau prevents browser preview for SVG files to prevent cross-site scripting exploitatio...

CVSS 6.1 · AI score 6.2 · EPSS 0.0053
Exploits 0 · References 12
OSV · added 2024/11/29 4:15 a.m. · 5 views

CVE-2024-54123

Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag is allowed for a text format...

CVSS 6.1 · AI score 5.9
Exploits 0 · References 1
OSV · added 2024/09/25 3:15 a.m. · 4 views

CVE-2024-9068

The OneElements – Best Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 5.4 · AI score 5.9 · EPSS 0.00298
Exploits 0 · References 2
Positive Technologies · added 2024/05/25 12:00 a.m. · 6 views

PT-2024-41052 · Unknown · Roundcube Webmail

Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions 1.6.x Description: The issue concerns several security problems, including cross-site scripting XSS vulnerabilities in handling SVG animate attributes and list columns from user preferences, as well as a command...

AI score 7
Exploits 0 · References 4
OSV · added 2023/02/07 11:15 a.m. · 3 views

CVE-2022-21948

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in paste allows remote attackers to place Javascript into SVG files. This issue affects: openSUSE paste paste version b57b9f87e303a3db9465776e657378e96845493b and prior versions...

CVSS 6.1 · AI score 5.8 · EPSS 0.00514
Exploits 1 · References 1