Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.9 views

CVE-2026-34605

SiYuan is a personal knowledge management system. From version 3.6.0 to before version 3.6.2, the SanitizeSVG function introduced in version 3.6.0 to fix XSS in the unauthenticated /api/icon/getDynamicIcon endpoint can be bypassed by using namespace-prefixed element names such as . The Go HTML5...

8.6CVSS5.7AI score0.00469EPSS
Exploits1References1
CVE
CVE
added 2026/03/20 9:40 p.m.13 views

CVE-2026-33172

CVE-2026-33172 covers a stored XSS in Statamic CMS via SVG asset reuploads. Prior to versions 5.73.14 and 6.7.0, authenticated users with asset upload permissions could bypass SVG sanitization and inject JavaScript that executes when the asset is viewed. The issue has been fixed in 5.73.14 and 6....

8.7CVSS5.7AI score0.00325EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/18 7:54 p.m.4 views

GHSA-7RCV-55MJ-CHG7 Statamic has Stored XSS via SVG Sanitization Bypass

Impact Stored XSS vulnerability in SVG asset reuploads allows authenticated users with asset upload permissions to bypass SVG sanitization and inject malicious JavaScript that executes when the asset is viewed. Patches This has been fixed in 5.73.14 and 6.7.0...

8.7CVSS5.7AI score0.00325EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/05/13 9:31 a.m.24 views

CVE-2025-4647 A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG. This issue affects web: from 24.10.0 before...

8.4CVSS0.00238EPSS
Exploits0References2
Rows per page
Query Builder