13 matches found
Cross-site Scripting
webreinvent/vaahcms is vulnerable to Cross-Site Scripting. The vulnerability is due to improper sanitization in the storeAvatar upload method of UserBase.php, where crafted input can be stored and later executed in a user’s browser, allowing a remote attacker to run arbitrary JavaScript code...
CVE-2025-61183
Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar method of UserBase.php...
GHSA-Q769-PHQG-263R VaahCMS is vulnerable to XSS through its Avatar Upload endpoint
Cross-Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar method of UserBase.php...
VaahCMS is vulnerable to XSS through its Avatar Upload endpoint
Cross-Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar method of UserBase.php...
CVE-2025-61183
Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar method of UserBase.php...
CVE-2025-61183
Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar method of UserBase.php...
Exploit for CVE-2025-61183
CVE-2025-61183 Stored XSS in User Avatar Upload via Unsafe S...
PT-2025-41260
Name of the Vulnerable Software and Affected Versions: vaahcms version 2.3.1. Description: A cross-site scripting issue exists in vaahcms version 2.3.1. A remote attacker can potentially execute arbitrary code through the upload method within the storeAvatar function of the UserBase.php file...
CVE-2025-61183
VaahCMS 2.3.1 is affected by a Stored XSS via the Avatar Upload endpoint in storeAvatar() of UserBase.php. The vulnerability stems from saving the uploaded file to a public path before content/MIME-type validation, allowing an attacker to place a crafted SVG that can execute script when rendered....
CVE-2025-61183
Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar method of UserBase.php...
vaahcms security vulnerability
vaahcms is an open source web application development platform by WebReinvent Technologies Pvt Ltd. A security vulnerability exists in vaahcms version 2.3.1, which stems from cross-site scripting in the upload function of the storeAvatar method in UserBase.php, which could lead to the execution o...
EUVD-2025-33172
Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar method of UserBase.php...
CVE-2025-61183
Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar method of UserBase.php...