ChatPlayground.ai Cross-Site Scripting Vulnerability
ChatPlayground.ai is an AI macromodeling website by ChatPlayground.ai. A security vulnerability exists in ChatPlayground.ai versions 2025-05-24 and earlier, which stems from the fact that sending specially crafted SVG file content via the chat component could lead to the execution of arbitrary co...
TelegAI Cross Site Scripting
TelegAI, a web application for constructing and chatting with AI Characters, is vulnerable to persistent cross site scripting vulnerabilities in its chat component and character container component. An attacker can achieve arbitrary client-side script execution by crafting an AI Character with SV...
Exploit for CVE-2025-51860
CVE-2025-51860 Vulnerability description TelegAI, a web...
CVE-2025-53925 Emlog has Stored Cross-site Scripting vulnerability in file upload functionality
Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script or HTML via the file upload functionality. As an authenticated user it is possible to upload an .s...
[SECURITY] Fedora 42 Update: qt6-qtsvg-6.9.1-1.fc42
Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices...
WordPress plugin Bit File Manager Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Bit File Manager plugin, which stems from insufficient input cleanup and escaping during SVG file uploads, and no...
CVE-2024-5521
Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with the gallery editor or VFS resource manager role to upload images in the .svg format containing JavaScript code. The code will be...
CVE-2024-9850
The SVG Case Study plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, t...
CVE-2024-9656
The Mynx Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
CVE-2024-9111
The Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.36 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
CVE-2024-9376
The Kata Plus – Addons for Elementor – Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2023-27489
Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS accepts SVG files uploaded by users which could potentially contain JavaScript code. If SVG images are viewed directly, i.e. not rendered in an HTML page, this JavaScript code could execute. This...
CVE-2022-32243
When a user opens manipulated Scalable Vector Graphics .svg, svg.x3d files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application...
CVE-2024-9238
The AVIF Uploader WordPress plugin before 1.1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2023-6541
The Allow SVG WordPress plugin before 1.2.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
WordPress plugin AVIF Uploader Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Allow SVG Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
Cross-site Scripting (XSS)
Overview: mobsf (Mobile Security Framework, MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Cross-site...
Arbitrary File Upload
Overview: Affected versions of this package are vulnerable to Arbitrary File Upload due to improper validation of file extensions. An attacker can bypass SVG file sanitization protections by initially uploading a file with a permitted extension and subsequently renaming it to an .svg extension...
HCL Domino Volt Security Vulnerability
HCL Domino Volt is a low-code application development solution based on the Domino platform from HCL India. A security vulnerability exists in HCL Domino Volt, which stems from improper cleaning of SVG files and could lead to client-side script injection...