CVE-2025-63830
CKFinder 1.4.3 is affected by a Cross Site Scripting (XSS) vulnerability in the File Upload feature. An attacker can upload a crafted SVG that contains active content, potentially executing script in the context of a user’s browser. This affects the CKFinder 1.4.3 release as described across mult...