EUVD-2026-22705

October Rain has Stored XSS via SVG Filter Bypass...

CVE-2026-27621 TypiCMS Core has Stored Cross-Site Scripting (XSS) via SVG File Upload

TypiCMS is a multilingual content management system based on the Laravel framework. A Stored Cross-Site Scripting XSS vulnerability exists in the file upload module of TypiCMS prior to version 16.1.7. The application allows users with file upload permissions to upload SVG files. While there is a...

PT-2026-6448

Impact Affected versions of Winter CMS allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would need access to the Backend with a user account with the following permission: cms.manage asse...

CVE-2025-9698 The Plus Addons for Elementor < 6.3.16 - Author+ Stored XSS

The Plus Addons for Elementor WordPress plugin before 6.3.16 does not sanitize SVG file contents, which could allow users with minimum role access as Author to perform Stored Cross-Site Scripting attacks...

PT-2025-34235 · Unopim +1 · Unopim +1

Name of the Vulnerable Software and Affected Versions: UnoPim versions prior to 0.2.1 Description: UnoPim, an open-source Product Information Management PIM system built on the Laravel framework, contains a stored cross-site scripting vulnerability. The vulnerability is due to an SVG MIME/sanitiz...