Metrics
Affected Vendors & Products
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2025-32302 | A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\img_admin.class.php component. The vulnerability allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed by users. |
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Tue, 07 Oct 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:metinfo:metinfo:8.0.0:*:*:*:*:*:*:* |
Mon, 06 Oct 2025 14:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Metinfo
Metinfo metinfo |
|
| Vendors & Products |
Metinfo
Metinfo metinfo |
Fri, 03 Oct 2025 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-79 | |
| Metrics |
cvssV3_1
|
Fri, 03 Oct 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\img_admin.class.php component. The vulnerability allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed by users. | |
| References |
|
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-10-03T15:46:31.530Z
Reserved: 2025-09-26T00:00:00.000Z
Link: CVE-2025-60454
Updated: 2025-10-03T15:46:22.241Z
Status : Analyzed
Published: 2025-10-03T14:15:47.053
Modified: 2025-10-07T15:09:38.843
Link: CVE-2025-60454
No data.
OpenCVE Enrichment
Updated: 2025-10-06T14:42:51Z
EUVD