A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Fri, 03 Oct 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 | |
Metrics |
cvssV3_1
|
Fri, 03 Oct 2025 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-10-03T15:48:16.258Z
Reserved: 2025-09-26T00:00:00.000Z
Link: CVE-2025-60450

Updated: 2025-10-03T15:48:10.781Z

Status : Received
Published: 2025-10-03T14:15:46.543
Modified: 2025-10-03T16:16:19.453
Link: CVE-2025-60450

No data.

No data.