
11 matches found

NVD
added 2025/12/15 9:15 p.m., 6 views

CVE-2023-53890

Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performi...

5.4 CVSS, 0.00198 EPSS
Exploits: 1, References: 3
Cvelist
added 2025/12/01 12:0 a.m., 8 views

CVE-2025-63317

Todoist v8896 is vulnerable to Cross Site Scripting (XSS) in /api/v1/uploads. Uploaded SVG files have no sanitization applied, so embedded JavaScript executes when a user opens the attachment from a task/comment...

0.00182 EPSS
Exploits: 1, References: 1
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2018-11286

Malware in sbrugna...

4.8 CVSS, 5.1 AI score, 0.0067 EPSS
Exploits: 1, References: 2
NVD
added 2025/02/03 4:15 a.m., 34 views

CVE-2025-25063

An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG images to ensure they do not contain potentially dangerous SVG tags. SVG images can contain clickable links and executable scripting, and using a crafted SVG, ...

4.4 CVSS, 0.00185 EPSS
Exploits: 0, References: 1
PyPA
added 2024/10/10 11:15 p.m., 5 views

PYSEC-2024-220

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting (XSS) on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users...

6.9 CVSS, 6.5 AI score, 0.00252 EPSS
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2024/10/03 6:25 p.m., 10 views

GHSA-255W-87RH-RG44 Cross-site Scripting via uploaded SVG

In Sulu v2.0.0 through v2.6.4 are vulnerable against XSS whereas a low privileged user with an access to the “Media” section can upload an SVG file with a malicious payload. Once uploaded and accessed, the malicious javascript will be executed on the victims’ other users including admins browsers...

6.1 CVSS, 5.2 AI score, 0.00353 EPSS
Exploits: 0, References: 4
Vulnrichment
added 2024/06/26 6:0 a.m., 18 views

CVE-2024-3633 WebP & SVG Support <= 1.4.0 - Author+ Stored XSS via SVG

The WebP & SVG Support WordPress plugin through 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

6 AI score, 0.00331 EPSS
Exploits: 2, References: 1
CNNVD
added 2023/12/21 12:0 a.m., 4 views

SmarterTools SmarterMail Security Breach

SmarterTools SmarterMail is a set of mail server software from SmarterTools. The software supports spam filtering, statistics, Simple Mail Transfer Protocol (SMTP) authentication, and other features. A security vulnerability exists in SmarterTools SmarterMail versions 8495 through 8664, which stems...

5.4 CVSS, 5.7 AI score, 0.00355 EPSS
Exploits: 1, References: 3
WPVulnDB
added 2021/07/19 12:0 a.m., 15 views

Photo Gallery < 1.5.79 - Stored XSS via Uploaded SVG in Zip

The plugin did not ensure that uploaded SVG files inside a Zipped archive added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing JavaScript code, which will be executed when accessing the image directly ie in the...

6 AI score
Exploits: 0, Affected Software: 1
wpexploit
added 2021/07/19 12:0 a.m., 591 views

Photo Gallery < 1.5.79 - Stored XSS via Uploaded SVG in Zip

The plugin did not ensure that uploaded SVG files inside a Zipped archive added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing JavaScript code, which will be executed when accessing the image directly ie in the...

0.3 AI score
Exploits: 0
NVD
added 2020/12/18 9:15 a.m., 16 views

CVE-2019-16955

SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request...

5.4 CVSS, 5.3 AI score, 0.01656 EPSS
Exploits: 1, References: 3