4 matches found
UBUNTU-CVE-2026-8496
A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...
CVE-2025-41084
Stored Cross-Site Scripting XSS vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies//logo', which are...
CVE-2025-41084
CVE-2025-41084 describes a Stored Cross-Site Scripting (XSS) vulnerability in the Sesame web application. The issue arises because uploaded SVG images are not properly sanitized, allowing attackers to embed malicious scripts in SVG files by issuing a POST to the logo endpoint (/api/v3/companies//...
CVE-2025-54300 Extension - norrnext.com - Stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla
A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. The SVG upload feature does not sanitize uploads...