CVE-2025-60454

A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the appsystemimgadminimg_admin.class.php component. The vulnerability allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed by users.

More information : https://snowhy77.github.io/2025/08/22/Stored-XSS-in-MetInfo-Image-Module/