8211 matches found
CVE-2025-60453
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the column management module, specifically in the app\system\column\admin\index.class.php component. The vulnerability allows attackers to upload malicious SVG files...
Emlog Pro 安全漏洞
Emlog Pro is an Emlog open source blogging system. A security vulnerability exists in Emlog Pro version 2.5.19, which stems from insufficient validation of SVG file uploads and could lead to a stored cross-site scripting attack...
CVE-2025-60445
A stored Cross-Site Scripting XSS vulnerability has been discovered in XunRuiCMS version 4.7.1. The vulnerability exists due to insufficient validation of SVG file uploads in the dayrui/Fcms/Library/Upload.php component, allowing attackers to inject malicious JavaScript code that executes when th...
XunRuiCMS 安全漏洞
XunRuiCMS XunRuiCMS is a content management system for XunRuiCMS individual developers. A security vulnerability exists in XunRuiCMS version 4.7.1, which stems from insufficient validation of SVG file uploads and could lead to a stored cross-site scripting attack...
CVE-2025-60450
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw allows attackers to...
MetInfo CMS 安全漏洞
MetInfo CMS is a content management system from China's Mito MetInfo. A security vulnerability exists in MetInfo CMS version 8.0, which stems from insufficient validation and cleanup of SVG file uploads and could lead to a stored cross-site scripting attack...
MetInfo CMS 安全漏洞
MetInfo CMS is a content management system CMS from China's Mito MetInfo. A security vulnerability exists in MetInfo CMS version 8.0, which stems from an unvalidated SVG file input in the download management module, which could lead to a stored cross-site scripting attack...
Qt 安全漏洞
Qt is a cross-platform application development framework from the Qt open source. A security vulnerability exists in Qt that stems from possible recursive rendering when rendering Svg files containing pattern elements, which could lead to a stack overflow denial of service...
CVE-2025-60451
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\uploadify.class.php component, specifically in the website settings module...
CVE-2025-60451
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\uploadify.class.php component, specifically in the website settings module...
PT-2025-40521
Name of the Vulnerable Software and Affected Versions MetInfo CMS version 8.0 Description A stored Cross-Site Scripting XSS issue exists in the download management module of the software. The vulnerability is located in the appsystemdownloadadmindownload admin.class.php component. Attackers can...
CVE-2025-60450
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw allows attackers to...
CVE-2025-60454
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\imgadmin.class.php component. The vulnerability allows attackers to upload malicious SVG files containi...
CVE-2025-60454
MetInfo CMS 8.0 is affected in the image management module. The XSS vulnerability arises from unvalidated SVG uploads in the file path app\system\img\admin\img_admin.class.php, enabling stored JavaScript execution when users view/access the uploaded SVG. Multiple connected sources corroborate thi...
PT-2025-40518
Name of the Vulnerable Software and Affected Versions XunRuiCMS version 4.7.1 Description A stored Cross-Site Scripting XSS issue exists because of inadequate validation of SVG file uploads within the dayrui/Fcms/Library/Upload.php component. This allows attackers to inject malicious JavaScript...
PT-2025-40526
Name of the Vulnerable Software and Affected Versions Emlog Pro version 2.5.19 Description A stored Cross-Site Scripting XSS issue exists due to inadequate validation of SVG file uploads within the /admin/media.php component. This allows attackers to upload malicious SVG files containing JavaScri...
CVE-2025-60448
CVE-2025-60448 affects Emlog Pro 2.5.19; stored XSS via SVG uploads in /admin/media.php due to insufficient validation. Exploitation could occur when malicious SVGs are viewed. Affected component is the SVG upload handler; no fix version is stated in the sources. PT Security notes no information ...
CVE-2025-60445
CVE-2025-60445 affects XunRuiCMS 4.7.1. Root cause: insufficient validation of SVG uploads in dayrui/Fcms/Library/Upload.php, enabling stored XSS when the uploaded file is viewed. Impact: injected JavaScript code executes in the context of the uploaded SVG. Remediation: no patch/fix details provi...
CVE-2025-60454
A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\imgadmin.class.php component. The vulnerability allows attackers to upload malicious SVG files containi...
GHSA-2C6J-VW6R-MFCH Fiora chat group avatar is vulnerable to XSS via SVG files
File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers onmouseover to be uploaded...