
2033 matches found

NVD
added 2025/12/16 5:16 p.m. | 1 view

CVE-2023-53903

WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files with script tags that execute when the file is viewed, enabling persistent cross-site scripting...

CVSS 5.4 | EPSS 0.00024
Exploits 1 | References 3

EUVD
added 2025/12/16 5:6 p.m. | 1 view

EUVD-2023-60190

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering...

CVSS 8.8 | AI score 6.4 | EPSS 0.00022
Exploits 1 | References 4

CVE
added 2025/12/16 5:6 p.m. | 10 views

CVE-2023-53900

SPIP 4.1.10 is affected by a file-upload vulnerability where SVG files containing embedded external links can be uploaded and used to redirect users via a crafted SVG logo. Root cause is improper file-upload filtering. Consequences described across sources include social-engineering-like admin in...

CVSS 8.8 | AI score 6.5 | EPSS 0.00022
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2025/12/16 5:6 p.m. | 26 views

CVE-2023-53900 Spip 4.1.10 Admin Account Spoofing via Malicious SVG Upload

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering...

CVSS 8.8 | EPSS 0.00022
Exploits 1 | References 3

CVE
added 2025/12/16 11:15 a.m. | 17 views

CVE-2025-11220

CVE-2025-11220 affects the Elementor Website Builder (Text Path widget) and its SVG markup construction. Up to 3.33.3, it allows Stored Cross-Site Scripting via user input not properly neutralized, enabling authenticated attackers with contributor-level access and above to inject web scripts in p...

CVSS 6.4 | AI score 4.7 | EPSS 0.00032
Exploits 0 | References 2

Positive Technologies
added 2025/12/16 12:0 a.m. | 1 view

PT-2025-51748

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering...

CVSS 8.8 | AI score 6.9 | EPSS 0.00022
Exploits 1 | References 3

CNNVD
added 2025/12/16 12:0 a.m. | 2 views

SPIP cross-site scripting vulnerability

SPIP is a free software for creating Internet sites from the SPIP open source. A cross-site scripting vulnerability exists in SPIP version 4.1.10, which stems from improper file upload filtering and could lead to an attacker uploading malicious SVG files...

CVSS 8.8 | AI score 6 | EPSS 0.00022
Exploits 1 | References 3

CNNVD
added 2025/12/16 12:0 a.m. | 1 view

websitebaker security vulnerability

websitebaker is a PHP-based content management system for individual developers. Its features include template-based front-end interface, paging support, multi-user management, etc. The vulnerability is caused by a stored cross-site scripting vulnerability. A security vulnerability exists in...

CVSS 5.4 | AI score 5.9 | EPSS 0.00024
Exploits 1 | References 3

NVD
added 2025/12/15 9:15 p.m. | 3 views

CVE-2023-53876

Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable...

CVSS 5.4 | EPSS 0.00019
Exploits 1 | References 3

OSV
added 2025/12/15 9:15 p.m. | 2 views

CVE-2023-53876

Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable...

CVSS 5.4 | AI score 5.7 | EPSS 0.00019
Exploits 1 | References 3

Vulnrichment
added 2025/12/15 8:28 p.m. | 1 view

CVE-2023-53890 Perch CMS 3.2 Stored Cross-Site Scripting via SVG File Upload

Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performi...

CVSS 5.1 | AI score 5.7 | EPSS 0.00025
Exploits 1 | References 3

Cvelist
added 2025/12/15 8:28 p.m. | 16 views

CVE-2023-53890 Perch CMS 3.2 Stored Cross-Site Scripting via SVG File Upload

Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performi...

CVSS 5.1 | EPSS 0.00025
Exploits 1 | References 3

Vulnrichment
added 2025/12/15 8:28 p.m. | 2 views

CVE-2023-53884 Webedition CMS v2.9.8.8 Stored Cross-Site Scripting via SVG Upload

Webedition CMS v2.9.8.8 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the media upload feature to inject and execute arbitrary scripts when the file is...

CVSS 5.1 | AI score 6.1 | EPSS 0.00029
Exploits 1 | References 3

CVE
added 2025/12/15 8:28 p.m. | 5 views

CVE-2023-53876

CVE-2023-53876 affects Academy LMS 6.1 and is a file-upload vulnerability that lets authenticated users upload malicious SVGs containing stored XSS via the profile avatar upload feature by altering extensions and embedding JavaScript. Root cause: lax file-type handling permitting SVG execution. I...

CVSS 5.4 | AI score 5.8 | EPSS 0.00019
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2025/12/15 8:28 p.m. | 17 views

CVE-2023-53876 Academy LMS 6.1 Arbitrary File Upload Vulnerability via Profile Settings

Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable...

CVSS 5.1 | EPSS 0.00019
Exploits 1 | References 3

Positive Technologies
added 2025/12/15 12:0 a.m. | 2 views

PT-2025-51302

Name of the Vulnerable Software and Affected Versions: Webedition CMS version 2.9.8.8. Description: Webedition CMS version 2.9.8.8 contains a stored cross-site scripting issue. Authenticated users can upload malicious SVG files containing JavaScript through the media upload feature. When these craft...

CVSS 5.4 | AI score 6.1 | EPSS 0.00029
Exploits 1 | References 7

CNNVD
added 2025/12/15 12:0 a.m. | 2 views

Kodezen Academy LMS security vulnerability

Kodezen Academy LMS is a Learning Management System from Kodezen Inc. in the United States. A security vulnerability exists in Kodezen Academy LMS version 6.1, which stems from a file upload vulnerability that could lead to the upload of malicious SVG files and the execution of stored cross-site...

CVSS 5.4 | AI score 6.7 | EPSS 0.00019
Exploits 1 | References 4

CNNVD
added 2025/12/15 12:0 a.m. | 0 views

Perch CMS security vulnerability

Perch CMS is a content management system from Perch, Inc. A security vulnerability exists in Perch CMS version 3.2 that stems from allowing authenticated users to upload malicious SVG files with embedded JavaScript, potentially leading to a stored cross-site scripting attack...

CVSS 5.4 | AI score 6 | EPSS 0.00025
Exploits 1 | References 4

Positive Technologies
added 2025/12/15 12:0 a.m. | 4 views

PT-2025-51294

Name of the Vulnerable Software and Affected Versions: Academy LMS version 6.1. Description: Academy LMS version 6.1 has a file upload issue. Authenticated users can upload malicious SVG files containing stored cross-site scripting payloads. An attacker can inject malicious scripts through the profi...

CVSS 5.4 | AI score 6 | EPSS 0.00019
Exploits 1 | References 7

Positive Technologies
added 2025/12/15 12:0 a.m. | 2 views

PT-2025-51308

Name of the Vulnerable Software and Affected Versions: Perch CMS version 3.2. Description: The application allows authenticated users to upload malicious SVG files containing embedded JavaScript. An attacker can craft SVG files with script tags that execute when the file is viewed, potentially leadi...

CVSS 5.4 | AI score 5.8 | EPSS 0.00025
Exploits 1 | References 6