362 matches found
CVE-2020-37238 CMS Made Simple 2.2.15 Stored XSS via SVG File Upload
CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content Manager access to inject malicious scripts through SVG file uploads. Attackers can upload SVG files containing embedded JavaScript to the file manager, which executes when othe...
EUVD-2024-50273
The Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the SVG file upload process. An attacker can execute arbitrary scripts in the context of a user's browser session by uploading a specially crafted SVG file. Details: Cross-site scripting or XSS is a code...
CVE-2026-0627 AMP for WP <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG File Upload
The AMP for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.1.10. This is due to insufficient sanitization of SVG file content that only removes tags while allowing other XSS vectors such as event handlers onload,...
CVE-2025-14120
The URL Image Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.7 due to insufficient sanitization of SVG files. This makes it possible for authenticated attackers, with Author-level access and above, to injec...
CVE-2025-12570 Fancy Product Designer <= 6.4.8 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload
The Fancy Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping in the data-to-image.php and pdf-to-image.php files. This makes it possible for...
CVE-2025-12880
CVE-2025-12880 concerns the WordPress plugin Progress Bar Blocks for Gutenberg. The issue is a Stored Cross-Site Scripting (XSS) vulnerability via SVG file uploads caused by insufficient input sanitization and output escaping. It affects all versions up to and including 1.0.0, with exploitation ...
PT-2025-46298
Name of the Vulnerable Software and Affected Versions: Progress Bar Blocks for Gutenberg plugin for WordPress versions prior to 1.0.1. Description: The Progress Bar Blocks for Gutenberg plugin for WordPress is susceptible to Stored Cross-Site Scripting through SVG File uploads. Insufficient input...
CVE-2025-11682 Stored Cross-Site Scripting in Perx Customer Engagement & Loyalty Platform
Stored cross-site scripting (XSS) vulnerability in the LMT Dashboard of the Perx Customer Engagement & Loyalty Platform allows an authenticated attacker to execute arbitrary JavaScript code in a victim's browser. The vulnerability is due to improper sanitization of SVG file uploads. An attacker can...
CVE-2025-9978 Jeg Elementor Kit < 2.7.0 - Author+ Stored XSS
The Jeg Kit for Elementor WordPress plugin before 2.7.0 does not sanitize SVG file contents when uploaded via xmlrpc.php, leading to a cross-site scripting vulnerability...
EUVD-2024-49737
Malicious code in bioql PyPI...
EUVD-2025-16321
Malicious code in bioql PyPI...
EUVD-2024-33300
Malicious code in bioql PyPI...
EUVD-2024-49738
Malicious code in bioql PyPI...
EUVD-2024-49820
Malicious code in bioql PyPI...
EUVD-2025-11832
Malicious code in bioql PyPI...
EUVD-2024-50161
Malicious code in bioql PyPI...
EUVD-2024-49739
Malicious code in bioql PyPI...
EUVD-2024-49706
Malicious code in bioql PyPI...
EUVD-2024-50310
Malicious code in bioql PyPI...