Unrated severityNVD Advisory· Published Dec 17, 2025· Updated Apr 7, 2026
UliCMS 2023.1 Stored Cross-Site Scripting via SVG File Upload
CVE-2023-53925
Description
UliCMS 2023.1 contains a stored cross-site scripting vulnerability that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the file management interface that execute arbitrary scripts when viewed by other users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/51435mitreexploit
- www.vulncheck.com/advisories/ulicms-stored-cross-site-scripting-via-svg-file-uploadmitrethird-party-advisory
- web.archive.org/web/20230314183734/https://en.ulicms.de/mitreproduct
News mentions
0No linked articles in our index yet.