CVE-2025-14837

A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads to code injection. The attack can be executed remotely. The exploit has bee...

CVE-2025-60451

A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\uploadify.class.php component, specifically in the website settings module...

EUVD-2025-32294

Malicious code in bioql PyPI...

CVE-2025-60451

MetInfo CMS 8.0 contains a stored XSS due to insufficient validation/sanitization of SVG uploads in the website settings module, specifically in app/system/include/module/uploadify.class.php. The issue allows uploaded SVGs with JavaScript to execute when viewed. CVSS 3.1 base score 6.1 (Network a...

CVE-2025-60451

A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\uploadify.class.php component, specifically in the website settings module...