2034 matches found
CVE-2025-64094
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios. This vulnerability exists because of an incomplete fix for CVE-2025-48378. This...
EUVD-2025-36565
DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload...
CVE-2025-64094
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios. This vulnerability exists because of an incomplete fix for CVE-2025-48378. This...
CVE-2025-62793
eLabFTW is an open source electronic lab notebook for research labs. The application served uploaded SVG files inline. Because SVG supports active content, an attacker could upload a crafted SVG that executes script when viewed, resulting in stored XSS under the application origin. A victim who...
CVE-2025-64094
DNN (DotNetNuke) is affected by CVE-2025-64094 due to incomplete SVG sanitization, allowing stored XSS via uploaded SVGs. Affected versions are prior to 10.1.1; the issue stems from an incomplete fix for CVE-2025-48378 and is fixed in 10.1.1. The vulnerability enables execution of arbitrary JavaS...
CVE-2025-64094 DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios. This vulnerability exists because of an incomplete fix for CVE-2025-48378. This...
Dotnetnuke < 10.1.1 Stored cross-site-scripting (XSS) via SVG upload (CVE-2025-64094)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.1.1. It is, therefore, affected by a vulnerability. - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1,...
DNN cross-site scripting vulnerability
DNN (also known as DotNetNuke) is an open source content management system (CMS) from the American company DNN, supported by Microsoft and based on the ASP.NET platform. The system is easy to install, scalable and feature-rich. A cross-site scripting vulnerability exists in versions prior to DNN...
CVE-2025-62793
eLabFTW is an open source electronic lab notebook for research labs. The application served uploaded SVG files inline. Because SVG supports active content, an attacker could upload a crafted SVG that executes script when viewed, resulting in stored XSS under the application origin. A victim who...
EUVD-2025-36380
eLabFTW is an open source electronic lab notebook for research labs. The application served uploaded SVG files inline. Because SVG supports active content, an attacker could upload a crafted SVG that executes script when viewed, resulting in stored XSS under the application origin. A victim who...
CVE-2025-62793 eLabFTW HTML / CSS Injection via Malicious SVG Upload Leads to Credential Theft / Clickjacking
eLabFTW is an open source electronic lab notebook for research labs. The application served uploaded SVG files inline. Because SVG supports active content, an attacker could upload a crafted SVG that executes script when viewed, resulting in stored XSS under the application origin. A victim who...
CVE-2025-11682 Stored Cross-Site Scripting in Perx Customer Engagement & Loyalty Platform
Stored cross-site scripting (XSS) vulnerability in the LMT Dashboard of the Perx Customer Engagement & Loyalty Platform allows an authenticated attacker to execute arbitrary JavaScript code in a victim's browser. The vulnerability is due to improper sanitization of SVG file uploads. An attacker can...
eLabFTW cross-site scripting vulnerability
eLabFTW is an open source experimental data hosting platform from eLabFTW Open Source. The platform runs on Linux and supports storing a wide range of objects. A cross-site scripting vulnerability exists in eLabFTW that stems from uploaded SVG files being served inline without being handled correctly, which could...
Perx Customer Engagement & Loyalty Platform security vulnerability
Perx Customer Engagement & Loyalty Platform is a customer engagement campaign platform from Perx Singapore. A security vulnerability exists in Perx Customer Engagement & Loyalty Platform versions prior to 4.617.4, which stems from improperly sanitized SVG file uploads and could lead to a stored...
PT-2025-44056
Name of the Vulnerable Software and Affected Versions: eLabFTW versions prior to 5.3.0. Description: eLabFTW, an electronic lab notebook, allowed the serving of uploaded SVG files inline. Due to SVG’s support for active content, a malicious SVG file could be uploaded and executed when viewed, leadin...
[SECURITY] Fedora 43 Update: qt5-qtsvg-5.15.17-3.fc43
Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices...
[SECURITY] Fedora 41 Update: qt5-qtsvg-5.15.17-2.fc41
Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices...
WordPress plugin Jeg Kit for Elementor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin... A security...
CVE-2025-9978
CVE-2025-9978 affects the Jeg Kit for Elementor WordPress plugin prior to 2.7.0. The vulnerability arises because SVG file contents are not sanitized when uploaded via xmlrpc.php, enabling cross-site scripting (XSS). Multiple sources corroborate the issue and specify the vulnerable version range ...