Security Advisory

CVE-2025-26260

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-12 00:00:00

Last updated 2025-03-19 18:59:02

Assigner mitre

State PUBLISHED

Description

Plenti <= 0.7.16 is vulnerable to code execution. Users uploading .svelte files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution.

← Browse all CVEs View on cve.org ↗