Phpwcms security vulnerabilities
Phpwcms is an open-source content management system developed by Phpwcms. Version 1.9.30 of Phpwcms contains a security vulnerability. This vulnerability stems from allowing authenticated attackers to upload malicious SVG files, which could lead to cross-site scripting attacks...
SiYuan cross-site scripting vulnerabilities
SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.5.4-dev2 contained a cross-site scripting vulnerability. This vulnerability stemmed from unsanitized uploaded SVG files, and could lead to stored cross-site scripting attacks...
PT-2026-3219
Name of the Vulnerable Software and Affected Versions: net.sourceforge.plantuml:plantuml versions prior to 1.2026.0. Description: The software is susceptible to a Stored Cross-Site Scripting (XSS) issue because of inadequate sanitization of interactive attributes within GraphViz diagrams. A specially...
Linux Distros Unpatched Vulnerability : CVE-2026-0858
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package net.sourceforge.plantuml:plantuml before 1.2026.0 are vulnerable to Stored XSS due to insufficient sanitization of interactive attribute...
CVE-2021-47783
Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform...
PT-2026-3156
Name of the Vulnerable Software and Affected Versions: Phpwcms version 1.9.30. Description: The software contains a file upload issue that permits authenticated attackers to upload malicious SVG files containing JavaScript. Attackers can leverage the multiple file upload functionality to upload...
CVE-2022-50906
e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting (XSS) payloads...
CVE-2026-0627
The AMP for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.1.10. This is due to insufficient sanitization of SVG file content that only removes...
CVE-2026-22804
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. Thi...
CVE-2022-50906 e107 CMS v3.2.1 - Admin Upload Restriction Bypass + Stored XSS
e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting (XSS) payloads...
CVE-2022-50906
e107 CMS 3.2.1 is affected by an upload restriction bypass in the media manager that lets authenticated administrators upload SVG files containing stored XSS payloads. The root cause is bypassing upload restrictions, enabling SVGs with embedded scripts to execute when viewed. Impact is described ...
MiracleLinux 8 : firefox-140.3.0-1.el8_10.ML.1 (AXSA:2025-10906:31)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10906:31 advisory. firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component CVE-2025-10527 firefox: thunderbird: Incorrect...
PT-2026-2382
Name of the Vulnerable Software and Affected Versions: e107 CMS version 3.2.1. Description: An authenticated administrator can bypass upload restrictions in e107 CMS. This allows the upload of malicious SVG files through the media manager. Successful exploitation enables attackers to upload SVG file...
SUSE SLES12 Security Update : ImageMagick (SUSE-SU-2026:0099-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0099-1 advisory. - CVE-2025-68618: read a malicious SVG file may result in a DoS attack bsc1255821. Tenable has extracted the preceding description block directly from...
e107 cross-site scripting vulnerability
e107 is a free, open-source content management system (CMS) based on PHP and MySQL, from the E107 team. The system supports a variety of plug-ins and appearance themes, and can be used as a personal blog, discussion community, archive repository and so on. A cross-site scripting vulnerability exis...
CVE-2026-22804
CVE-2026-22804 affects Termix versions 1.7.0–1.9.0, where the File Viewer component in the File Manager (src/ui/desktop/apps/file-manager/components/FileViewer.tsx) fails to sanitize SVG content, allowing a stored XSS that can execute arbitrary JavaScript in the app context. If exploited, this ca...
PT-2026-2313
Name of the Vulnerable Software and Affected Versions: Termix versions 1.7.0 through 1.9.0. Description: Termix is a web-based server management platform offering SSH terminal, tunneling, and file editing features. A Stored Cross-Site Scripting (XSS) issue exists in the Termix File Manager component d...
CVE-2025-14984
The Gutenverse Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.3.2. This is due to the plugin's framework component adding SVG to the allowed MIME types via the upload_mimes filter without implementing any...
CVE-2026-22610 Angular has XSS Vulnerability via Unsanitized SVG Script Attributes
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The...