15 matches found
TypiCMS-Search-LIKE-Wildcard-Info-Disclosure
TypiCMS Search LIKE Wildcard Information Disclosure A proof-o...
📄 TypiCMS Cross Site Scripting
TypiCMS versions prior to 16.1.7 suffer from a persistent cross site scripting via SVG file uploads. CVE-2026-27621: TypiCMS Core has Stored Cross-Site Scripting XSS via SVG File Upload Overview | Field | Details | |---|---| | CVE ID | CVE-2026-27621 | | Severity | MEDIUM | | Advisory | View...
CVE-2026-27621
TypiCMS is a multilingual content management system based on the Laravel framework. A Stored Cross-Site Scripting XSS vulnerability exists in the file upload module of TypiCMS prior to version 16.1.7. The application allows users with file upload permissions to upload SVG files. While there is a...
EUVD-2026-8598
TypiCMS Core has Stored Cross-Site Scripting XSS via SVG File Upload...
TypiCMS Core has Stored Cross-Site Scripting (XSS) via SVG File Upload
I. Summary A Stored Cross-Site Scripting XSS vulnerability exists in the file upload module of TypiCMS. The application allows users with file upload permissions to upload SVG files. While there is a MIME type validation, the content of the SVG file is not sanitized. An attacker can upload a...
GHSA-XFVG-8V67-J7WP TypiCMS Core has Stored Cross-Site Scripting (XSS) via SVG File Upload
I. Summary A Stored Cross-Site Scripting XSS vulnerability exists in the file upload module of TypiCMS. The application allows users with file upload permissions to upload SVG files. While there is a MIME type validation, the content of the SVG file is not sanitized. An attacker can upload a...
CVE-2026-27621
TypiCMS is a multilingual content management system based on the Laravel framework. A Stored Cross-Site Scripting XSS vulnerability exists in the file upload module of TypiCMS prior to version 16.1.7. The application allows users with file upload permissions to upload SVG files. While there is a...
CVE-2026-27621 TypiCMS Core has Stored Cross-Site Scripting (XSS) via SVG File Upload
TypiCMS is a multilingual content management system based on the Laravel framework. A Stored Cross-Site Scripting XSS vulnerability exists in the file upload module of TypiCMS prior to version 16.1.7. The application allows users with file upload permissions to upload SVG files. While there is a...
CVE-2026-27621 TypiCMS Core has Stored Cross-Site Scripting (XSS) via SVG File Upload
TypiCMS is a multilingual content management system based on the Laravel framework. A Stored Cross-Site Scripting XSS vulnerability exists in the file upload module of TypiCMS prior to version 16.1.7. The application allows users with file upload permissions to upload SVG files. While there is a...
CVE-2026-27621
CVE-2026-27621 affects TypiCMS Core prior to 16.1.7. A Stored XSS exists in the file upload module: SVG files can bypass sanitization despite MIME type validation, allowing an attacker with upload privileges to inject malicious JavaScript. When an admin or authenticated user views the uploaded SV...
CVE-2026-27621
TypiCMS is a multilingual content management system based on the Laravel framework. A Stored Cross-Site Scripting XSS vulnerability exists in the file upload module of TypiCMS prior to version 16.1.7. The application allows users with file upload permissions to upload SVG files. While there is a...
CVE-2026-27621 TypiCMS Core has Stored Cross-Site Scripting (XSS) via SVG File Upload
TypiCMS is a multilingual content management system based on the Laravel framework. A Stored Cross-Site Scripting XSS vulnerability exists in the file upload module of TypiCMS prior to version 16.1.7. The application allows users with file upload permissions to upload SVG files. While there is a...
TypiCMS 跨站脚本漏洞
TypiCMS is an open-source content management system developed by TypiCMS. Versions of TypiCMS prior to 16.1.7 had a cross-site scripting vulnerability. This vulnerability stemmed from the file upload module not clearing the content of SVG files, which could lead to storage-based cross-site...
PT-2026-21843
TypiCMS is a multilingual content management system based on the Laravel framework. A Stored Cross-Site Scripting XSS vulnerability exists in the file upload module of TypiCMS prior to version 16.1.7. The application allows users with file upload permissions to upload SVG files. While there is a...
CVE-2026-27621
creationtimestamp| type| source ---|---|--- 2026-02-21 22:21:45+00:00| published-proof-of-concept| https://github.com/typicms/core/security/advisories/GHSA-xfvg-8v67-j7wp...