Lucene search
K

362 matches found

Cvelist
Cvelist
added 2026/05/16 3:25 p.m.42 views

CVE-2020-37238 CMS Made Simple 2.2.15 Stored XSS via SVG File Upload

CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content Manager access to inject malicious scripts through SVG file uploads. Attackers can upload SVG files containing embedded JavaScript to the file manager, which executes when othe...

6.4CVSS0.00243EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/08 6:33 p.m.5 views

EUVD-2024-50273

The Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

6.4CVSS7.4AI score0.00519EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/03 8:37 p.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the SVG file upload process. An attacker can execute arbitrary scripts in the context of a user's browser session by uploading a specially crafted SVG file. Details Cross-site scripting or XSS is a code...

6.1CVSS5.6AI score0.00251EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/09 8:20 a.m.3 views

CVE-2026-0627 AMP for WP <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG File Upload

The AMP for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.1.10. This is due to insufficient sanitization of SVG file content that only removes tags while allowing other XSS vectors such as event handlers onload,...

6.4CVSS4.4AI score0.00188EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/07 9:19 a.m.7 views

CVE-2025-14120

The URL Image Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.7 due to insufficient sanitization of SVG files. This makes it possible for authenticated attackers, with Author-level access and above, to injec...

6.4CVSS5AI score0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/12 6:32 a.m.29 views

CVE-2025-12570 Fancy Product Designer <= 6.4.8 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload

The Fancy Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping in the data-to-image.php and pdf-to-image.php files. This makes it possible for...

7.2CVSS0.00213EPSS
Exploits0References2
CVE
CVE
added 2025/11/11 3:30 a.m.14 views

CVE-2025-12880

CVE-2025-12880 concerns the WordPress plugin Progress Bar Blocks for Gutenberg . The issue is a Stored Cross-Site Scripting (XSS) vulnerability via SVG file uploads caused by insufficient input sanitization and output escaping. It affects all versions up to and including 1.0.0, with exploitation ...

5.4CVSS4.7AI score0.00142EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.5 views

PT-2025-46298

Name of the Vulnerable Software and Affected Versions Progress Bar Blocks for Gutenberg plugin for WordPress versions prior to 1.0.1 Description The Progress Bar Blocks for Gutenberg plugin for WordPress is susceptible to Stored Cross-Site Scripting through SVG File uploads. Insufficient input...

5.4CVSS5.3AI score0.00142EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/10/27 7:39 a.m.8 views

CVE-2025-11682 Stored Cross-Site Scripting in Perx Customer Engagement & Loyalty Platform

Stored cross-site scripting XSS vulnerability in the LMT Dashboard of the Perx Customer Engagement & Loyalty Platform allows an authenticated attacker to execute arbitrary JavaScript code in a victim's browser. The vulnerability is due to improper sanitization of SVG file uploads. An attacker can...

7.1CVSS0.00179EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/24 6:0 a.m.11 views

CVE-2025-9978 Jeg Elementor Kit < 2.7.0 - Author+ Stored XSS

The Jeg Kit for Elementor WordPress plugin before 2.7.0 does not sanitize SVG file contents when uploaded via xmlrpc.php, leading to a cross site scripting vulnerability...

0.00275EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-50083

Malicious code in bioql PyPI...

6.4CVSS6.6AI score0.00288EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-28173

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00588EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-12132

Malicious code in bioql PyPI...

6.4CVSS7.2AI score0.00265EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2024-50077

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00266EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-49511

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00314EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-49825

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00266EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-33039

Malicious code in bioql PyPI...

6.4CVSS8.7AI score0.00288EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-49834

Malicious code in bioql PyPI...

6.4CVSS8.7AI score0.00377EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-50969

Malicious code in bioql PyPI...

5.4CVSS8.9AI score0.00267EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-15089

Malicious code in bioql PyPI...

6.4CVSS7.2AI score0.00246EPSS
Exploits0References3
Rows per page
Query Builder