Security Advisory

CVE-2025-60445

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-03 00:00:00

Last updated 2025-10-03 15:47:25

Assigner mitre

State PUBLISHED

Description

A stored Cross-Site Scripting (XSS) vulnerability has been discovered in XunRuiCMS version 4.7.1. The vulnerability exists due to insufficient validation of SVG file uploads in the dayrui/Fcms/Library/Upload.php component, allowing attackers to inject malicious JavaScript code that executes when the uploaded file is viewed.

← Browse all CVEs View on cve.org ↗