Lucene search
K

5 matches found

NVD
NVD
added 2026/02/06 8:16 p.m.3 views

CVE-2026-22254

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would...

3.5CVSS0.00251EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/06 7:11 p.m.26 views

CVE-2026-22254 Winter Affected by Stored Cross-Site Scripting (XSS) in Asset Manager

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would...

0.00251EPSS
Exploits0References3
OSV
OSV
added 2025/12/01 8:15 p.m.5 views

CVE-2025-63317

Todoist v8896 is vulnerable to Cross Site Scripting XSS in /api/v1/uploads. Uploaded SVG files have no sanitization applied, so embedded JavaScript executes when a user opens the attachment from a task/comment...

5.4CVSS5.8AI score0.00182EPSS
Exploits1References1
CVE
CVE
added 2025/12/01 12:0 a.m.16 views

CVE-2025-63317

Todoist v8896 is affected by an XSS vulnerability in the /api/v1/uploads endpoint. Uploaded SVG files are not sanitized, allowing embedded JavaScript to execute when a user opens the attachment from a task or comment. The Red Hat and EU/NVD entries corroborate Todoist v8896 as vulnerable to SVG-b...

5.4CVSS5.8AI score0.00182EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2025/11/24 11:27 a.m.3 views

EUVD-2025-198629

Cross-Site Scripting XSS vulnerability stored in tha Taclia web application, where the uploaded SVG images are not properly sanitized. This allows to the attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of an...

5.1CVSS5.3AI score0.0025EPSS
Exploits0References2
Rows per page
Query Builder