Metrics
Affected Vendors & Products
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2025-32299 | A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed. |
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Tue, 07 Oct 2025 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:metinfo:metinfo:8.0.0:*:*:*:*:*:*:* |
Mon, 06 Oct 2025 14:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Metinfo
Metinfo metinfo |
|
| Vendors & Products |
Metinfo
Metinfo metinfo |
Fri, 03 Oct 2025 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-79 | |
| Metrics |
cvssV3_1
|
Fri, 03 Oct 2025 14:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed. | |
| References |
|
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-10-03T15:48:16.258Z
Reserved: 2025-09-26T00:00:00.000Z
Link: CVE-2025-60450
Updated: 2025-10-03T15:48:10.781Z
Status : Analyzed
Published: 2025-10-03T14:15:46.543
Modified: 2025-10-07T15:36:38.570
Link: CVE-2025-60450
No data.
OpenCVE Enrichment
Updated: 2025-10-06T14:43:04Z
EUVD