
15 matches found

Github Security Blog
added 2026/05/27 12:03 a.m. · 15 views

CarrierWave has a denylisted_content_type bypass via Unescaped Regex Metacharacters

Summary: CarrierWave's content_type_denylist check fails to escape regex metacharacters in string entries, causing the denylist to silently not match the content types it is intended to block. Note: CarrierWave is aware that content_type_denylist is deprecated for this security reason, but it is still used by...

AI score 5.9
Exploits 0 · References 4 · Affected Software 1
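The bypass the CarrierWave entry describes is easy to reproduce: a string such as image/svg+xml, dropped into a Regexp without escaping, means "image/sv", one or more "g", then "xml", so it never matches the literal type it was written to block. The Ruby below is an added example and not CarrierWave's own code; DENYLIST, the two predicate names and the risky_entries lint are this example's own choices. The hardened form keeps the unanchored substring semantics of the vulnerable one and changes only the quoting.

```ruby
# Added example, not CarrierWave's own code: how an unescaped string entry in a
# content-type denylist silently fails to match the type it names.
#
# "image/svg+xml" read as a regex is "image/sv", one or more "g", then "xml".
# It matches "image/svggxml" but never the literal "image/svg+xml".

DENYLIST = ["image/svg+xml", "text/html", "application/xhtml+xml"].freeze

# Vulnerable form: each string entry is interpolated into a Regexp as written,
# so "+" and any other metacharacter keep their regex meaning.
def denied_unescaped?(content_type, denylist = DENYLIST)
  denylist.any? { |entry| content_type.match?(/#{entry}/) }
end

# Hardened form: string entries are escaped so they match literally; entries
# that are already Regexps are used as-is. Substring semantics are unchanged.
def denied_escaped?(content_type, denylist = DENYLIST)
  denylist.any? do |entry|
    pattern = entry.is_a?(Regexp) ? entry : /#{Regexp.escape(entry)}/
    content_type.match?(pattern)
  end
end

# Config lint: string entries whose escaped form differs from the literal
# contain regex metacharacters and are the ones that silently misfire.
def risky_entries(denylist)
  denylist.grep(String).reject { |entry| Regexp.escape(entry) == entry }
end

if __FILE__ == $0
  ["image/svg+xml", "image/svggxml", "text/html"].each do |type|
    puts "#{type}: unescaped=#{denied_unescaped?(type)} escaped=#{denied_escaped?(type)}"
  end
  puts "entries with metacharacters: #{risky_entries(DENYLIST).inspect}"
end
```

Running the lint against an existing denylist is the quickest way to find entries that were never matching; any entry it reports has been a no-op since it was added.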
NVD
added 2026/03/19 10:16 p.m. · 1 view

CVE-2026-32753

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, bypasses of the attachment view logic and SVG sanitizer make it possible to upload and render an SVG that runs malicious JavaScript. An extension of .png with content type of...

CVSS 8.5 · EPSS 0.0004
Exploits 1 · References 3
Positive Technologies
added 2025/09/18 12:00 a.m. · 4 views

PT-2025-38409

Name of the Vulnerable Software and Affected Versions: Lobe Chat versions prior to 1.129.4. Description: Lobe Chat, an open-source artificial intelligence chat framework, contains a cross-site scripting (XSS) issue in how it handles chat messages. Specifically, when a server response includes a...

CVSS 7.7 · AI score 6.6 · EPSS 0.00221
Exploits 1 · References 12
CVE
added 2023/12/21 12:00 a.m. · 38 views

CVE-2023-48114

CVE-2023-48114 affects SmarterTools SmarterMail 8495–8664, before 8747. A stored XSS flaw arises from the handling of image/svg+xml content and uploaded SVGs: the app permits youtube.com URL variants that include an @ followed by an attacker-controlled domain name. Impact is stored XSS in the web context via SVG upload; no exploit...

CVSS 5.4 · AI score 5.2 · EPSS 0.00169
Exploits 1 · References 2 · Affected Software 1
OSV
added 2022/12/14 2:15 p.m. · 1 view

DEBIAN-CVE-2022-23515

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1...

CVSS 6.1 · AI score 6.3 · EPSS 0.00332
Exploits 0 · References 1
Prion
added 2022/12/14 2:15 p.m. · 24 views

Cross site scripting

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1...

CVSS 5.8 · AI score 5.8 · EPSS 0.00332
Exploits 0 · References 4 · Affected Software 2
OSV
added 2022/12/14 1:23 p.m. · 27 views

CVE-2022-23515 Improper neutralization of data URIs may allow XSS in Loofah

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1...

CVSS 6.1 · AI score 6.1 · EPSS 0.00332
Exploits 0 · References 7
Github Security Blog
added 2022/05/18 12:00 a.m. · 35 views

Cross-site Scripting in Jirafeau

The file preview functionality in Jirafeau 4.4.0, which is enabled by default, could be exploited for cross-site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone visits the File Preview URL for this file, the JavaScript inside of this image/svg+xml file...

CVSS 6.1 · AI score 6 · EPSS 0.00152
Exploits 0 · References 3 · Affected Software 1
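The FreeScout entry above (SVG bytes behind a .png extension and a mismatched content type) and the Jirafeau entry (an image/svg+xml upload with JavaScript rendered inline from the preview URL) are two halves of the same problem: trusting the extension or the declared type instead of the bytes, and then serving the file in the application's origin. The Ruby below is an added example and not code from FreeScout, Jirafeau or any other project listed here. It decides what an upload is from its bytes (XML root element for SVG, magic bytes for PNG), flags the constructs that make an SVG a script host, and picks response headers so that SVG and unidentified markup are only ever offered as a download. PNG_MAGIC, SVG_ACTIVE_CONTENT, the function names and every sample in CONSTRUCTED_UPLOADS are this example's own.

```ruby
# Added example, not code from FreeScout, Jirafeau or any other project listed
# here: classify an upload from its bytes rather than its extension or the
# client-declared Content-Type, flag active content in SVGs, and choose response
# headers that stop a script-bearing SVG from running in the site's origin.
# The uploads in CONSTRUCTED_UPLOADS are made up for this example.

PNG_MAGIC = "\x89PNG\r\n\x1A\n".b.freeze

# Constructs that turn an SVG from a picture into a script host.
SVG_ACTIVE_CONTENT = {
  script:         /<script\b/i,
  event_handler:  /\son[a-z]+\s*=/i,                    # onload=, onclick=, ...
  javascript_url: /\bhref\s*=\s*["']?\s*javascript:/i,  # href= and xlink:href=
  foreign_object: /<foreignObject\b/i,                  # arbitrary HTML inside the SVG
  embedding:      /<(?:iframe|embed|object)\b/i,
}.freeze

# Content-Type each recognised kind should have been declared with.
EXPECTED_TYPE = { svg: "image/svg+xml", png: "image/png" }.freeze

# Local name of the XML root element after skipping a BOM, the <?xml ...?>
# declaration, comments and a DOCTYPE (internal subset included). Returns nil
# when no root element can be found, so callers fail closed.
def xml_root_name(text)
  s = text.sub(/\A\uFEFF/, "")
  loop do
    before = s
    s = s.lstrip
    if s.start_with?("<?")
      s = s.sub(/\A<\?.*?\?>/m, "")
    elsif s.start_with?("<!--")
      s = s.sub(/\A<!--.*?-->/m, "")
    elsif s.start_with?("<!")
      s = s.sub(/\A<![^\[>]*(?:\[.*?\]\s*)?>/m, "")
    end
    break if s == before   # nothing left to strip, or an unterminated prolog
  end
  m = s.match(/\A<(?:[A-Za-z_][\w.-]*:)?([A-Za-z_][\w.-]*)(?=[\s\/>])/)
  m && m[1].downcase
end

# Headers for serving the stored bytes back. SVG and unidentified markup are
# never rendered inline: attachment disposition plus nosniff keeps the browser
# from executing them as a document in the application's origin; the CSP is
# defence in depth for a viewer that ignores the disposition.
def response_headers(kind)
  headers = { "X-Content-Type-Options" => "nosniff" }
  case kind
  when :png
    headers["Content-Type"] = "image/png"
    headers["Content-Disposition"] = "inline"
  when :svg
    headers["Content-Type"] = "image/svg+xml"
    headers["Content-Disposition"] = "attachment"
    headers["Content-Security-Policy"] = "default-src 'none'; script-src 'none'; sandbox"
  else # :markup or :unknown: never let the browser guess
    headers["Content-Type"] = "application/octet-stream"
    headers["Content-Disposition"] = "attachment"
  end
  headers
end

def inspect_upload(filename, declared_type, bytes)
  text = bytes.dup.force_encoding(Encoding::UTF_8).scrub("?")
  kind =
    if xml_root_name(text) == "svg"                         then :svg
    elsif text.sub(/\A\uFEFF/, "").lstrip.start_with?("<") then :markup
    elsif bytes.b.start_with?(PNG_MAGIC)                    then :png
    else                                                         :unknown
    end
  expected = EXPECTED_TYPE[kind]
  {
    filename: filename,
    kind: kind,
    # Declared type disagrees with the bytes: the spoofing that lets an SVG
    # through a .png or image/png check.
    spoofed: expected ? declared_type != expected : declared_type.start_with?("image/"),
    active_content: kind == :svg ? SVG_ACTIVE_CONTENT.select { |_, re| text.match?(re) }.keys : [],
    headers: response_headers(kind),
  }
end

CONSTRUCTED_UPLOADS = [
  ["logo.svg", "image/svg+xml",
   %(<?xml version="1.0"?>\n<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>)],
  ["avatar.png", "image/png",   # SVG bytes behind a .png name and PNG type
   %(<!DOCTYPE svg [<!ENTITY x "y">]>\n<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/>)],
  ["photo.png", "image/png", PNG_MAGIC + ("\x00" * 16)],
  ["note.svg", "image/svg+xml", "<html><body>not an svg</body></html>"],
].freeze

if __FILE__ == $0
  CONSTRUCTED_UPLOADS.each do |name, type, bytes|
    v = inspect_upload(name, type, bytes)
    puts "#{name}: kind=#{v[:kind]} spoofed=#{v[:spoofed]} active=#{v[:active_content]} disposition=#{v[:headers]['Content-Disposition']}"
  end
end
```

The root-element scan deliberately fails closed: anything that starts with "<" but cannot be identified is treated as markup and forced to download, because a parser that gives up on an odd prolog and falls through to "image" is exactly the gap these advisories describe. If SVGs must be displayed, serve them from a separate origin through an img element rather than inline in the application's own origin.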
NVD
added 2022/05/17 2:15 p.m. · 10 views

CVE-2022-30110

The file preview functionality in Jirafeau 4.4.0, which is enabled by default, could be exploited for cross-site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone visits the File Preview URL for this file, the JavaScript inside of this image/svg+xml file...

CVSS 6.1 · EPSS 0.00152
Exploits 0 · References 1
Prion
added 2022/05/17 2:15 p.m. · 14 views

Cross site scripting

The file preview functionality in Jirafeau 4.4.0, which is enabled by default, could be exploited for cross-site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone visits the File Preview URL for this file, the JavaScript inside of this image/svg+xml file...

CVSS 4.3 · AI score 6 · EPSS 0.00152
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2022/05/17 1:14 p.m. · 14 views

CVE-2022-30110

The file preview functionality in Jirafeau 4.4.0, which is enabled by default, could be exploited for cross-site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone visits the File Preview URL for this file, the JavaScript inside of this image/svg+xml file...

AI score 6.1 · EPSS 0.00152
Exploits 0 · References 1
Github Security Blog
added 2022/05/17 2:27 a.m. · 14 views

Bolt CMS Stored XSS

Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header...

CVSS 5.4 · AI score 5.3 · EPSS 0.00281
Exploits 1 · References 3 · Affected Software 1
Prion
added 2019/03/13 2:29 a.m. · 14 views

Design/Logic Flaw

Editor.md 1.5.0 has DOM-based XSS via vectors involving the 'EMBED SRC="data:image/svg+xml' substring...

CVSS 4.3 · AI score 5.8 · EPSS 0.0024
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2017/07/17 7:00 p.m. · 18 views

CVE-2017-11127

Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header...

AI score 5.2 · EPSS 0.00281
Exploits 1 · References 1
Packet Storm
added 2012/10/10 12:00 a.m. · 15 views

Opera 12.02 Cross Site Scripting

Exploit Title: Opera image/svg+xml UXSS; Date: 06.10.2012; Exploit Author: volema.com; Author homepage: http://blog.volema.com; Vendor Homepage: opera.com; Version: Opera 12.02; Tested on: Windows; CVE: NO; Full disclosure: http://blog.volema.com/opera-svg-xml-shortcut-uxss.html. We'll exploit the proce...

AI score 7.4
Exploits 0