A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\img_admin.class.php component. The vulnerability allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed by users.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Fri, 03 Oct 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 | |
Metrics |
cvssV3_1
|
Fri, 03 Oct 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\img_admin.class.php component. The vulnerability allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed by users. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-10-03T15:46:31.530Z
Reserved: 2025-09-26T00:00:00.000Z
Link: CVE-2025-60454

Updated: 2025-10-03T15:46:22.241Z

Status : Received
Published: 2025-10-03T14:15:47.053
Modified: 2025-10-03T16:16:20.130
Link: CVE-2025-60454

No data.

No data.