16 matches found
CVE-2025-61768
KUNO CMS is a fully deployable full-stack blog application. In versions prior to 1.3.15, an SSRF (Server-Side Request Forgery) vulnerability exists in the Media module of the Kuno CMS administrative panel. A logged-in administrator can upload a specially crafted SVG file containing an external imag...
CVE-2025-61681
KUNO CMS is a fully deployable full-stack blog application. Versions 1.3.13 and below contain validation flaws in its file upload functionality that can be exploited for stored XSS. The upload endpoint only validates file types based on Content-Type headers, lacks file content analysis and...
CVE-2025-61768
KUNO CMS is a fully deployable full-stack blog application. In versions prior to 1.3.15, an SSRF (Server-Side Request Forgery) vulnerability exists in the Media module of the Kuno CMS administrative panel. A logged-in administrator can upload a specially crafted SVG file containing an external imag...
CVE-2025-61768 Kuno CMS Vulnerable to Server-Side Request Forgery (SSRF) via Unsafe SVG Upload
KUNO CMS is a fully deployable full-stack blog application. In versions prior to 1.3.15, an SSRF (Server-Side Request Forgery) vulnerability exists in the Media module of the Kuno CMS administrative panel. A logged-in administrator can upload a specially crafted SVG file containing an external imag...
CVE-2025-61768 Kuno CMS Vulnerable to Server-Side Request Forgery (SSRF) via Unsafe SVG Upload
KUNO CMS is a fully deployable full-stack blog application. In versions prior to 1.3.15, an SSRF (Server-Side Request Forgery) vulnerability exists in the Media module of the Kuno CMS administrative panel. A logged-in administrator can upload a specially crafted SVG file containing an external imag...
CVE-2025-61768
KUNO CMS prior to 1.3.15 is affected by an SSRF in the Media module via uploading specially crafted SVGs with external image references. A logged‑in administrator can trigger an outgoing connection to an arbitrary URL, enabling information disclosure or internal network probing. The issue is fixe...
CVE-2025-61768 Kuno CMS Vulnerable to Server-Side Request Forgery (SSRF) via Unsafe SVG Upload
KUNO CMS is a fully deployable full-stack blog application. In versions prior to 1.3.15, an SSRF (Server-Side Request Forgery) vulnerability exists in the Media module of the Kuno CMS administrative panel. A logged-in administrator can upload a specially crafted SVG file containing an external imag...
EUVD-2025-32593
KUNO CMS is a fully deployable full-stack blog application. In versions prior to 1.3.15, an SSRF (Server-Side Request Forgery) vulnerability exists in the Media module of the Kuno CMS administrative panel. A logged-in administrator can upload a specially crafted SVG file containing an external imag...
PT-2025-40951
Name of the Vulnerable Software and Affected Versions: KUNO CMS versions prior to 1.3.15. Description: KUNO CMS is a full-stack blog application. A Server-Side Request Forgery (SSRF) issue exists in the Media module of the administrative panel. An administrator can upload a specially crafted SVG file...
CVE-2025-61681
KUNO CMS is a fully deployable full-stack blog application. Versions 1.3.13 and below contain validation flaws in its file upload functionality that can be exploited for stored XSS. The upload endpoint only validates file types based on Content-Type headers, lacks file content analysis and...
CVE-2025-61681 Kuno is Vulnerable to Stored XSS Attack via SVG File Upload
KUNO CMS is a fully deployable full-stack blog application. Versions 1.3.13 and below contain validation flaws in its file upload functionality that can be exploited for stored XSS. The upload endpoint only validates file types based on Content-Type headers, lacks file content analysis and...
CVE-2025-61681 Kuno is Vulnerable to Stored XSS Attack via SVG File Upload
KUNO CMS is a fully deployable full-stack blog application. Versions 1.3.13 and below contain validation flaws in its file upload functionality that can be exploited for stored XSS. The upload endpoint only validates file types based on Content-Type headers, lacks file content analysis and...
EUVD-2025-32427
KUNO CMS is a fully deployable full-stack blog application. Versions 1.3.13 and below contain validation flaws in its file upload functionality that can be exploited for stored XSS. The upload endpoint only validates file types based on Content-Type headers, lacks file content analysis and...
CVE-2025-61681 Kuno is Vulnerable to Stored XSS Attack via SVG File Upload
KUNO CMS is a fully deployable full-stack blog application. Versions 1.3.13 and below contain validation flaws in its file upload functionality that can be exploited for stored XSS. The upload endpoint only validates file types based on Content-Type headers, lacks file content analysis and...
CVE-2025-61681
Summary (CVE-2025-61681, KUNO CMS): Versions 1.3.13 and earlier of KUNO CMS are affected by a file-upload validation flaw that enables stored XSS via uploaded SVG files. The upload endpoint only checks Content-Type, lacks content analysis, and has no extension-whitelisting, allowing scripts embed...
PT-2025-40605
Name of the Vulnerable Software and Affected Versions: KUNO CMS versions prior to 1.3.14. Description: KUNO CMS, a full-stack blog application, has flaws in its file upload functionality. The upload process only validates file types based on Content-Type headers and does not analyze file content or...