8202 matches found

UbuntuCve
added 2025/12/16 6:16 p.m., 2 views

CVE-2023-53900

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering...

CVSS: 8.8, AI score: 5.9, EPSS: 0.00265
Exploits: 1, References: 4

NVD
added 2025/12/16 5:16 p.m., 1 view

CVE-2023-53903

WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files with script tags that execute when the file is viewed, enabling persistent cross-site scripting...

CVSS: 5.4, EPSS: 0.00201
Exploits: 1, References: 3

CVE
added 2025/12/16 5:6 p.m., 11 views

CVE-2023-53900

SPIP 4.1.10 is affected by a file-upload vulnerability where SVG files containing embedded external links can be uploaded and used to redirect users via a crafted SVG logo. Root cause is improper file-upload filtering. Consequences described across sources include social-engineering-like admin in...

CVSS: 8.8, AI score: 6.5, EPSS: 0.00265
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2025/12/16 5:6 p.m., 27 views

CVE-2023-53900 Spip 4.1.10 Admin Account Spoofing via Malicious SVG Upload

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering...

CVSS: 8.8, EPSS: 0.00265
Exploits: 1, References: 3

EUVD
added 2025/12/16 5:6 p.m., 2 views

EUVD-2023-60190

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering...

CVSS: 8.8, AI score: 6.4, EPSS: 0.00265
Exploits: 1, References: 4

Vulnrichment
added 2025/12/16 5:6 p.m., 3 views

CVE-2023-53900 Spip 4.1.10 Admin Account Spoofing via Malicious SVG Upload

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering...

CVSS: 8.8, AI score: 6.5, EPSS: 0.00265
Exploits: 1, References: 3

Cvelist
added 2025/12/16 4:43 p.m., 31 views

CVE-2025-68116 FileRise vulnerable to Cross-Site Scripting (XSS) in SVG File Handling

FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 2.7.1 are vulnerable to Stored Cross-Site Scripting (XSS) due to unsafe handling of browser-renderable user uploads when served through the sharing and download endpoints. An attacker who can get a crafted SVG primary or...

CVSS: 8.9, EPSS: 0.00223
Exploits: 1, References: 1

CVE
added 2025/12/16 11:15 a.m., 18 views

CVE-2025-11220

CVE-2025-11220 affects the Elementor Website Builder (Text Path widget) and its SVG markup construction. Up to 3.33.3, it allows Stored Cross-Site Scripting via user input not properly neutralized, enabling authenticated attackers with contributor-level access and above to inject web scripts in p...

CVSS: 6.4, AI score: 4.7, EPSS: 0.00207
Exploits: 0, References: 2

CNNVD
added 2025/12/16 12:0 a.m., 3 views

SPIP cross-site scripting vulnerability

SPIP is free, open source software for creating Internet sites. A cross-site scripting vulnerability exists in SPIP version 4.1.10, which stems from improper file upload filtering and could lead to an attacker uploading malicious SVG files...

CVSS: 8.8, AI score: 6, EPSS: 0.00265
Exploits: 1, References: 3

Positive Technologies
added 2025/12/16 12:0 a.m., 2 views

PT-2025-51748

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering...

CVSS: 8.8, AI score: 6.9, EPSS: 0.00265
Exploits: 1, References: 3

CNNVD
added 2025/12/16 12:0 a.m., 2 views

websitebaker security vulnerability

websitebaker is a PHP-based content management system for individual developers. Its features include template-based front-end interface, paging support, multi-user management, etc. The vulnerability is caused by a stored cross-site scripting vulnerability. A security vulnerability exists in...

CVSS: 5.4, AI score: 5.9, EPSS: 0.00201
Exploits: 1, References: 3

CNNVD
added 2025/12/16 12:0 a.m., 4 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper import of the io_uring network vector buffer, which could lead to memory problems...

AI score: 6.1, EPSS: 0.00155
Exploits: 0, References: 2

OSV
added 2025/12/15 9:15 p.m., 2 views

CVE-2023-53876

Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable...

CVSS: 5.4, AI score: 5.7, EPSS: 0.00202
Exploits: 1, References: 3

NVD
added 2025/12/15 9:15 p.m., 4 views

CVE-2023-53876

Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable...

CVSS: 5.4, EPSS: 0.00202
Exploits: 1, References: 3

Cvelist
added 2025/12/15 8:28 p.m., 17 views

CVE-2023-53890 Perch CMS 3.2 Stored Cross-Site Scripting via SVG File Upload

Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performi...

CVSS: 5.1, EPSS: 0.00198
Exploits: 1, References: 3

Vulnrichment
added 2025/12/15 8:28 p.m., 1 view

CVE-2023-53890 Perch CMS 3.2 Stored Cross-Site Scripting via SVG File Upload

Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performi...

CVSS: 5.1, AI score: 5.7, EPSS: 0.00198
Exploits: 1, References: 3

Vulnrichment
added 2025/12/15 8:28 p.m., 2 views

CVE-2023-53884 Webedition CMS v2.9.8.8 Stored Cross-Site Scripting via SVG Upload

Webedition CMS v2.9.8.8 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the media upload feature to inject and execute arbitrary scripts when the file is...

CVSS: 5.1, AI score: 6.1, EPSS: 0.0023
Exploits: 1, References: 3

CVE
added 2025/12/15 8:28 p.m., 6 views

CVE-2023-53876

CVE-2023-53876 affects Academy LMS 6.1 and is a file-upload vulnerability that lets authenticated users upload malicious SVGs containing stored XSS via the profile avatar upload feature by altering extensions and embedding JavaScript. Root cause: lax file-type handling permitting SVG execution. I...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00202
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2025/12/15 8:28 p.m., 19 views

CVE-2023-53876 Academy LMS 6.1 Arbitrary File Upload Vulnerability via Profile Settings

Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable...

CVSS: 5.1, EPSS: 0.00202
Exploits: 1, References: 3

Vulnrichment
added 2025/12/15 8:28 p.m., 2 views

CVE-2023-53876 Academy LMS 6.1 Arbitrary File Upload Vulnerability via Profile Settings

Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable...

CVSS: 5.1, AI score: 5.8, EPSS: 0.00202
Exploits: 1, References: 3