Security Advisory
CVE-2025-51489
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened.