8211 matches found
DEBIAN-CVE-2025-10728
When the module renders a Svg file that contains a element, it might end up rendering it recursively leading to stack overflow DoS...
UBUNTU-CVE-2025-10728
When the module renders a Svg file that contains a element, it might end up rendering it recursively leading to stack overflow DoS...
CVE-2025-10728 Uncontrolled recursion in Qt SVG module
When the module renders a Svg file that contains a element, it might end up rendering it recursively leading to stack overflow DoS...
CVE-2025-10728
When the module renders a Svg file that contains a element, it might end up rendering it recursively leading to stack overflow DoS...
CVE-2025-60454
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\imgadmin.class.php component. The vulnerability allows attackers to upload malicious SVG files containi...
CVE-2025-60454
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\imgadmin.class.php component. The vulnerability allows attackers to upload malicious SVG files containi...
CVE-2025-60445
A stored Cross-Site Scripting XSS vulnerability has been discovered in XunRuiCMS version 4.7.1. The vulnerability exists due to insufficient validation of SVG file uploads in the dayrui/Fcms/Library/Upload.php component, allowing attackers to inject malicious JavaScript code that executes when th...
CVE-2025-60450
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw allows attackers to...
CVE-2025-60451
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\uploadify.class.php component, specifically in the website settings module...
CVE-2025-60453
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the column management module, specifically in the app\system\column\admin\index.class.php component. The vulnerability allows attackers to upload malicious SVG files...
CVE-2025-60452
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download\admin\downloadadmin.class.php component. The vulnerability allows attackers to upload malicious SVG...
CVE-2025-60451
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\uploadify.class.php component, specifically in the website settings module...
CVE-2025-60445
A stored Cross-Site Scripting XSS vulnerability has been discovered in XunRuiCMS version 4.7.1. The vulnerability exists due to insufficient validation of SVG file uploads in the dayrui/Fcms/Library/Upload.php component, allowing attackers to inject malicious JavaScript code that executes when th...
CVE-2025-60450
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw allows attackers to...
CVE-2025-60452
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download\admin\downloadadmin.class.php component. The vulnerability allows attackers to upload malicious SVG...
CVE-2025-60448
A stored Cross-Site Scripting XSS vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insufficient validation of SVG file uploads in the /admin/media.php component, allowing attackers to upload malicious SVG files containing JavaScript code that executes when th...
PT-2025-40605
Name of the Vulnerable Software and Affected Versions KUNO CMS versions prior to 1.3.14 Description KUNO CMS, a full-stack blog application, has flaws in its file upload functionality. The upload process only validates file types based on Content-Type headers and does not analyze file content or...
CVE-2025-60452
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download\admin\downloadadmin.class.php component. The vulnerability allows attackers to upload malicious SVG...
CVE-2025-60452
MetInfo CMS v8.0 contains a stored XSS in the download management module (app\system\download\admin\download_admin.class.php) caused by accepting unvalidated SVG uploads (containing JavaScript) that execute when viewed. Red Hat and other sources corroborate the same description. Impact is a store...
CVE-2025-60453
MetInfo CMS 8.0 is affected in the column management module (app\system\column\admin\index.class.php). The issue is a stored XSS vulnerability that allows attackers to upload SVG files containing JavaScript, which executes when the uploaded file is viewed or accessed by users. This aligns with mu...