Vulnerabilities

CVE-2025-60445

by Fred · 03/10/2025

A stored Cross-Site Scripting (XSS) vulnerability has been discovered in XunRuiCMS version 4.7.1. The vulnerability exists due to insufficient validation of SVG file uploads in the dayrui/Fcms/Library/Upload.php component, allowing attackers to inject malicious JavaScript code that executes when the uploaded file is viewed.

More information : https://snowhy77.github.io/2025/08/18/File-Upload-to-Achieve-Stored-XSS-Attack/

Similar

Tags: Cybersecurity Alert