Lucene search
+L

4 matches found

nvd
nvd
added 2025/10/30 1:15 p.m.5 views

CVE-2025-10348

URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed when a victim visits the URL of the uploaded resource. The resource is available to anyone without...

5.1CVSS0.00434EPSS
Exploits0References2
cvelist
cvelist
added 2025/10/30 1:0 p.m.11 views

CVE-2025-10348 Stored Cross-Site Scripting in URVE Smart Office

URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed when a victim visits the URL of the uploaded resource. The resource is available to anyone without...

5.1CVSS0.00434EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/10/30 12:0 a.m.11 views

URVE Smart Office 跨站脚本漏洞

URVE Smart Office is a smart office resource management system from URVE Smart Office, Poland. A cross-site scripting vulnerability exists in URVE Smart Office versions prior to 1.1.24, which stems from the presence of stored cross-site scripting in the function reporting the issue, which could...

5.1CVSS6AI score0.00434EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/10/30 12:0 a.m.5 views

PT-2025-44401

Name of the Vulnerable Software and Affected Versions URVE Smart Office versions prior to 1.1.24 Description URVE Smart Office is susceptible to a Stored Cross-Site Scripting XSS issue within the report problem functionality. An attacker possessing a low-privileged account can upload a Scalable...

5.1CVSS5.6AI score0.00434EPSS
Exploits0References5
Rows per page
Query Builder