Lucene search
K

4 matches found

OSV
OSV
added 2026/05/13 7:17 p.m.6 views

UBUNTU-CVE-2026-8496

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

6.1CVSS6AI score0.00283EPSS
Exploits0References7
NVD
NVD
added 2026/01/20 10:16 a.m.8 views

CVE-2025-41084

Stored Cross-Site Scripting XSS vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies//logo', which are...

5.1CVSS0.00331EPSS
Exploits0References1
CVE
CVE
added 2026/01/20 9:14 a.m.10 views

CVE-2025-41084

CVE-2025-41084 describes a Stored Cross-Site Scripting (XSS) vulnerability in the Sesame web application. The issue arises because uploaded SVG images are not properly sanitized, allowing attackers to embed malicious scripts in SVG files by issuing a POST to the logo endpoint (/api/v3/companies//...

5.1CVSS5.5AI score0.00331EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/25 6:54 a.m.8 views

CVE-2025-54300 Extension - norrnext.com - Stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla

A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. The SVG upload feature does not sanitize uploads...

8.5CVSS0.00293EPSS
Exploits0References1
Rows per page
Query Builder