Medium severity5.4NVD Advisory· Published Jun 8, 2017· Updated May 13, 2026
CVE-2017-9516
CVE-2017-9516
Description
Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
craftcms/cmsPackagist | < 2.6.2982 | 2.6.2982 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- packetstormsecurity.com/files/142851/Craft-CMS-2.6-Cross-Site-Scripting-File-Upload.htmlnvdExploitThird Party AdvisoryWEB
- craftcms.com/changelognvdRelease NotesVendor AdvisoryWEB
- github.com/advisories/GHSA-6pvw-hh48-jx7pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-9516ghsaADVISORY
- twitter.com/CraftCMS/status/872599894912937984nvdPress/Media CoverageThird Party AdvisoryWEB
- www.exploit-db.com/exploits/42143ghsaWEB
- www.exploit-db.com/exploits/42143/nvd
News mentions
0No linked articles in our index yet.