Lucene search
K

70 matches found

RedhatCVE
RedhatCVE
added 2025/12/13 8:7 a.m.3 views

CVE-2025-4970

The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access an...

5.5CVSS5AI score0.00281EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/06 5:54 a.m.7 views

CVE-2025-12163

The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...

6.4CVSS6.1AI score0.00309EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/12/05 5:31 a.m.4 views

CVE-2025-12163 Omnipress <= 1.6.3 - Authenticated (Author+) Stored Cross-Site Scripting

The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...

6.4CVSS4.7AI score0.00309EPSS
Exploits2References7
NVD
NVD
added 2025/11/27 2:15 p.m.8 views

CVE-2025-13692

The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

7.2CVSS0.00265EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/11/24 12:0 a.m.3 views

Taclia Web Application 跨站脚本漏洞

Taclia Web Application is a billing and business management platform from Taclia Spain. A cross-site scripting vulnerability exists in the Taclia web application that stems from an uploaded SVG image that is not properly cleaned, which could lead to a stored cross-site scripting attack...

5.1CVSS5.9AI score0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/21 7:31 a.m.8 views

CVE-2025-13159 Flo Forms – Easy Drag & Drop Form Builder <= 1.0.43 - Unauthenticated Stored Cross-Site Scripting via SVG Upload

The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.0.43. This is due to the plugin allowing SVG file uploads via an unauthenticated AJAX endpoint floformsubmit without proper...

7.1CVSS0.00273EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/06 12:0 a.m.13 views

CVE-2025-63307

alexusmai laravel-file-manager 3.3.1 is vulnerable to Cross Site Scripting XSS. The application permits user-controlled upload, create, and rename of files to HTML and SVG types and serves those files inline without adequate content-type validation or output sanitization...

0.00361EPSS
Exploits2References2
CVE
CVE
added 2025/10/28 9:44 p.m.22 views

CVE-2025-64094

DNN (DotNetNuke) is affected by CVE-2025-64094 due to incomplete SVG sanitization, allowing stored XSS via uploaded SVGs. Affected versions are prior to 10.1.1; the issue stems from an incomplete fix for CVE-2025-48378 and is fixed in 10.1.1. The vulnerability enables execution of arbitrary JavaS...

6.4CVSS5.7AI score0.00179EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/10/28 12:0 a.m.5 views

DNN 跨站脚本漏洞

DNN also known as DotNetNuke is a set of American DNN company by Microsoft support, based on the ASP.NET platform of open source content management system CMS. The system is easy to install, scalable, feature-rich and so on. A cross-site scripting vulnerability exists in versions prior to DNN...

6.4CVSS5.6AI score0.00179EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/17 6:33 p.m.9 views

CVE-2025-34281 Stored Cross-Site Scripting (XSS) in ThingsBoard

ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting XSS vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if t...

6.2CVSS0.00345EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-25658

Malicious code in bioql PyPI...

8.5CVSS6.6AI score0.00293EPSS
Exploits0References1
NVD
NVD
added 2025/10/03 2:15 p.m.4 views

CVE-2025-60453

A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the column management module, specifically in the app\system\column\admin\index.class.php component. The vulnerability allows attackers to upload malicious SVG files...

6.1CVSS0.00244EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/10/03 12:0 a.m.4 views

MetInfo CMS 安全漏洞

MetInfo CMS is a content management system from China's Mito MetInfo. A security vulnerability exists in MetInfo CMS version 8.0, which stems from insufficient validation and cleanup of SVG file uploads and could lead to a stored cross-site scripting attack...

6.1CVSS5.9AI score0.00213EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/10/03 12:0 a.m.10 views

CVE-2025-60451

A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\uploadify.class.php component, specifically in the website settings module...

0.00213EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/10/03 12:0 a.m.4 views

CVE-2025-60450

A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw allows attackers to...

5.7AI score0.00213EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/10/03 12:0 a.m.4 views

PT-2025-40526

Name of the Vulnerable Software and Affected Versions Emlog Pro version 2.5.19 Description A stored Cross-Site Scripting XSS issue exists due to inadequate validation of SVG file uploads within the /admin/media.php component. This allows attackers to upload malicious SVG files containing JavaScri...

6.1CVSS5.8AI score0.00213EPSS
Exploits1References3
CVE
CVE
added 2025/10/03 12:0 a.m.9 views

CVE-2025-60448

CVE-2025-60448 affects Emlog Pro 2.5.19; stored XSS via SVG uploads in /admin/media.php due to insufficient validation. Exploitation could occur when malicious SVGs are viewed. Affected component is the SVG upload handler; no fix version is stated in the sources. PT Security notes no information ...

6.1CVSS5.7AI score0.00213EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 8:14 a.m.5 views

CVE-2024-9850

The SVG Case Study plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, t...

6.4CVSS5AI score0.00332EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/18 8:21 a.m.4 views

CVE-2025-3056 Download Manager <= 3.3.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

5.4CVSS5.6AI score0.00319EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/04/11 12:0 a.m.5 views

WordPress plugin Z Companion 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

6.4CVSS6.6AI score0.00295EPSS
Exploits0References9
Rows per page
Query Builder