3 matches found
CVE-2023-53909
WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can upload SVG files containing script tags to the...
CVE-2025-64094 DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios. This vulnerability exists because of an incomplete fix for CVE-2025-48378. This...
CVE-2024-10867
CVE-2024-10867 refers to the Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) via SVG file uploads in all versions up to and including 1.5.9, caused by insufficient input sanitization and out...