Vulnerabilities

CVE-2025-10348

by Fred · 30/10/2025

URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed when a victim visits the URL of the uploaded resource. The resource is available to anyone without any form of authentication.

This issue was fixed in version 1.1.24.

More information : https://cert.pl/posts/2025/10/CVE-2025-10348

Similar

Tags: Cybersecurity Alert