2 matches found
CVE-2018-7265
Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file that enables stored XSS...
CVE-2018-7265
Shimmie 2 2.6.0 is affected by a stored XSS vulnerability triggered by uploading a crafted SVG file. The root cause is improper handling of uploaded SVGs, allowing attacker-supplied JavaScript to be stored and later executed in the victim’s context. Affected component: the image upload handling i...