Lucene search
K

35 matches found

CNNVD
CNNVD
added 2025/10/01 12:0 a.m.6 views

Fiora 跨站脚本漏洞

Fiora - is a chat application by yinxin630 individual developer. A cross-site scripting vulnerability exists in Fiora version 1.0.0, which originates from the execution of arbitrary JavaScript while rendering a malicious SVG file, and could lead to a cross-site scripting attack...

5.4CVSS6.1AI score0.00262EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2025/09/19 9:26 p.m.13 views

CVE-2025-59415

Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicious SVG files could be used to execute...

4.6CVSS7.2AI score0.00228EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/17 9:7 p.m.4 views

CVE-2025-59415 Frappe Learning vulnerable to Malicious Content upload via Profile bio field

Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicious SVG files could be used to execute...

4.6CVSS6.8AI score0.00228EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/05/31 12:0 a.m.7 views

The vulnerability of the Ghost content management system, related to the lack of measures taken to protect the website structure, allows attackers to carry out XSS attacks.

The vulnerability of the Ghost content management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks by sending a specially created malicious SVG file containing JavaScript code to port...

4CVSS7.7AI score0.03485EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2024/02/06 10:15 a.m.4 views

CVE-2024-24943

In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image...

5.5CVSS5.8AI score0.00407EPSS
Exploits0References1
OSV
OSV
added 2024/01/29 3:15 p.m.6 views

CVE-2023-7089

The Easy SVG Allow WordPress plugin through 1.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

5.4CVSS7.3AI score0.0038EPSS
Exploits2References1
OSV
OSV
added 2023/03/23 8:15 p.m.5 views

DEBIAN-CVE-2023-1289

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial o...

5.5CVSS6.4AI score0.00865EPSS
Exploits1References1
OSV
OSV
added 2022/05/06 6:15 p.m.5 views

CVE-2022-28270

Adobe Photoshop versions 22.5.6 and earlier and 23.2.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious SVG...

7.8CVSS7.6AI score0.02237EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/01/26 12:15 p.m.3 views

CVE-2021-44118

SPIP 4.0.0 is affected by a Cross Site Scripting XSS vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users stored XSS...

5.4CVSS6.1AI score0.00772EPSS
Exploits0References4
OSV
OSV
added 2022/01/26 12:15 p.m.3 views

UBUNTU-CVE-2021-44118

SPIP 4.0.0 is affected by a Cross Site Scripting XSS vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users stored XSS...

5.4CVSS6.1AI score0.00772EPSS
Exploits0References7
OSV
OSV
added 2021/09/27 4:15 p.m.6 views

CVE-2021-39823

Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and earlier versions are affected by a heap buffer overflow vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is...

7.8CVSS7.8AI score0.04115EPSS
Exploits0References1
OSV
OSV
added 2021/02/03 8:15 p.m.4 views

CVE-2020-9388

CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard...

6.5CVSS5.9AI score0.00777EPSS
Exploits0References3
OSV
OSV
added 2018/07/27 6:29 p.m.5 views

CVE-2017-2587

A memory allocation vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash...

5.5CVSS5.8AI score0.01291EPSS
Exploits0References2
CNVD
CNVD
added 2018/03/22 12:0 a.m.3 views

Alkacon OpenCMS gallery feature cross-site scripting vulnerability

Alkacon OpenCms is the German Alkacon Software's set of open source Java and XML-based content management system CMS. The system supports template engine , WYSIWYG editor and so on. A cross-site scripting vulnerability exists in the gallery feature in Alkacon OpenCMS version 10.5.3. A remote...

4.6CVSS6AI score0.01405EPSS
Exploits5References1
Positive Technologies
Positive Technologies
added 2017/04/18 12:0 a.m.6 views

PT-2017-16654 · Apache +2 · Apache Batik +2

Name of the Vulnerable Software and Affected Versions: Apache Batik versions prior to 1.9 Description: The issue allows arbitrary users to reveal files on the server's filesystem by sending maliciously formed SVG files. The types of files that can be accessed depend on the user context in which t...

9.8CVSS6.8AI score0.19523EPSS
Exploits1References48
Rows per page
Query Builder