Lucene search
K

41 matches found

CVE
CVE
added yesterday20 views

CVE-2026-55877

The CVE-2026-55877 entry covers an XSS vulnerability in Symfony UX icons. From 2.17.0–2.36.0 and 3.0.0–3.1.9 (before 3.2.0), the ux_icon() Twig function is marked is_safe=['html'] and Icon::toHtml() inlines SVG source, allowing unsanitized local SVGs or Iconify on-demand responses to contain nest...

6.1CVSS5.6AI score
Exploits0References4
EUVD
EUVD
added 2026/06/23 10:50 a.m.7 views

EUVD-2026-38424

Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xml without security headers such as Content-Security-Policy or Content-Disposition: attachment. This allows an attacker to publish an extension with a maliciou...

4.1CVSS5.9AI score0.00226EPSS
Exploits1References1
Snyk
Snyk
added 2026/06/19 9:42 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the uxicon function when unsanitized SVG content is inlined from local files or remote Iconify responses. An attacker can execute arbitrary JavaScript in the context of the application by supplying a malicio...

6.1CVSS6AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 9:42 p.m.8 views

symfony/ux-icons: XSS via unsanitized SVG content in local files and Iconify on-demand responses

Description The uxicon Twig function is marked issafe='html', so Twig never escapes its output. Icon::toHtml inlines the SVG source verbatim into the page. Browsers execute elements and on event-handler attributes found inside inline SVG, making any unsanitized icon a vector for cross-site...

6.1CVSS6AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/04 7:35 p.m.10 views

GHSA-XVHC-GM7J-MHMC Shopware: Stored XSS via SVG file upload — no SVG sanitization

SVG files are in the allowedextensions whitelist and can be uploaded by any admin user via the media manager. There is zero SVG content sanitization anywhere in the upload pipeline. A malicious SVG with JavaScript onload, , executes in the context of the Shopware domain when accessed. The Problem...

4.9CVSS5.9AI score0.00039EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.11 views

PT-2026-42798

Name of the Vulnerable Software and Affected Versions Typebot versions prior to 3.16.0 Description The RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without sanitization. Because rating blocks are not flagged ...

8.7CVSS6AI score0.00257EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/20 7:13 p.m.30 views

CVE-2026-39311 Trilium Notes: Stored XSS Leads to Unauthorized Remote Code Execution (RCE) via Unsanitized SVG Attachments

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw where lack of SVG sanitization combined with a disabled Content Security Policy CSP and a publicly reachable...

6.8CVSS0.00288EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/15 9:31 p.m.47 views

CVE-2026-45314 Open WebUI: XSS via SVG in /api/v1/channels/webhooks/{webhook_id}/profile/image

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the channel webhook create/update flow accepts arbitrary profileimageurl values, including data:image/svg+xml;base64,... payloads. The profile image endpoint then decodes and serves...

7.4CVSS0.00212EPSS
Exploits1References1
CVE
CVE
added 2026/05/15 9:31 p.m.25 views

CVE-2026-45314

Open WebUI vulnerability CVE-2026-45314 describes a stored XSS in the profile image handling for webhooks. Before version 0.9.3, the channel webhook create/update flow accepts data URLs (data:image/svg+xml;base64,...) for profile_image_url. The API then serves the decoded SVG as image/svg+xml wit...

7.4CVSS6AI score0.00212EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/05/13 6:2 p.m.44 views

CVE-2026-8496 A cross-site scripting (XSS) vulnerability in Alinto SOGo, version 5.12.7

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

0.00283EPSS
Exploits0References3
CVE
CVE
added 2026/04/28 12:0 a.m.9 views

CVE-2026-38948

CVE-2026-38948 affects FUEL CMS

5.4CVSS5.2AI score0.00165EPSS
Exploits0References3
NVD
NVD
added 2026/03/27 3:17 p.m.9 views

CVE-2026-5026

The '/api/v1/files/images/flowid/filename' endpoint serves SVG files with the 'image/svg+xml' content type without sanitizing their content. Since SVG files can contain embedded JavaScript, an attacker can upload a malicious SVG that executes arbitrary JavaScript when viewed by other users, leadi...

7CVSS0.00155EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/27 2:50 p.m.3 views

CVE-2026-5026 Langflow - Stored XSS via Malicious SVG Upload

The '/api/v1/files/images/flowid/filename' endpoint serves SVG files with the 'image/svg+xml' content type without sanitizing their content. Since SVG files can contain embedded JavaScript, an attacker can upload a malicious SVG that executes arbitrary JavaScript when viewed by other users, leadi...

7CVSS5.9AI score0.00155EPSS
Exploits0References1
OSV
OSV
added 2026/03/18 4:10 p.m.3 views

GHSA-87V3-4CFP-CM76 Cross-Site Scripting (XSS) via SVG Schema innerHTML Injection in @pdfme/schemas

Summary The SVG schema plugin in @pdfme/schemas renders user-supplied SVG content using container.innerHTML = value without any sanitization, enabling arbitrary JavaScript execution in the user's browser. Details In packages/schemas/src/graphics/svg.ts, line 87, the SVG schema's ui renderer assig...

6.1CVSS6AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/25 9:37 p.m.3 views

CVE-2026-27616 Vikunja Vulnerable to Stored Cross-Site Scripting (XSS) via Unsanitized SVG Attachment Upload Leading to Token Exposure

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as tags or event handlers like onload. The application...

7.3CVSS6.1AI score0.00453EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.3 views

PT-2026-21843

TypiCMS is a multilingual content management system based on the Laravel framework. A Stored Cross-Site Scripting XSS vulnerability exists in the file upload module of TypiCMS prior to version 16.1.7. The application allows users with file upload permissions to upload SVG files. While there is a...

6.8CVSS5.6AI score0.00188EPSS
Exploits2References3
NVD
NVD
added 2026/02/16 10:16 a.m.5 views

CVE-2025-59903

Stored Cross-Site Scripting XSS vulnerability in Kubysoft, where uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts within SVG files as visual content, which are then stored on the server and executed in the context of any user accessing the compromis...

5.4CVSS0.00133EPSS
Exploits0References1
NVD
NVD
added 2026/02/06 8:16 p.m.4 views

CVE-2026-22254

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would...

3.5CVSS0.00251EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/06 7:11 p.m.27 views

CVE-2026-22254 Winter Affected by Stored Cross-Site Scripting (XSS) in Asset Manager

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would...

0.00251EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/01/21 1:0 a.m.8 views

SiYuan has a Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon

Summary Reflected XSS in /api/icon/getDynamicIcon due to unsanitized SVG input. Details The endpoint generates SVG images for text icons type=8. The content query parameter is inserted directly into the SVG tag without XML escaping. Since the response Content-Type is image/svg+xml, injecting...

6.1CVSS5.6AI score0.00263EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder