A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the ap
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the ap
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\img_
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download\ad
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the column management module, specifically in the app\system\column\admin\
CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content Manager access to inject malicious scripts through SVG file uploads. Attackers
A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. The vulnerability arises from insufficient sanitization of embedded
Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts thr
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in XunRuiCMS version 4.7.1. The vulnerability exists due to insufficient validation of SVG file uploads in the dayrui/Fcms/Library
Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the mu
A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing
A stored cross-site scripting (XSS) vulnerability in the Image Upload section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via
Webedition CMS v2.9.8.8 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG fi
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insufficient validation of SVG file uploads in the /admin/media.php component
CouchCMS 2.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript by uploading malicious SVG files through the file upload functionality.
UliCMS 2023.1 contains a stored cross-site scripting vulnerability that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the file
WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attacke
Cross-Site Scripting (XSS) vulnerability exists in FUEL CMS v1.5.2 and before within the asset upload functionality. The application fails to properly sanitize uploaded SVG files, allowing a low-privi
The AMP for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.1.10. This is due to insufficient sanitization of SVG file
The '/api/v1/files/images/{flow_id}/{file_name}' endpoint serves SVG files with the 'image/svg+xml' content type without sanitizing their content.
Since SVG files can contain embedded JavaScript, an
Page 1+ Next →