Medium severityNVD Advisory· Published Oct 30, 2025· Updated Apr 15, 2026
CVE-2025-10348
CVE-2025-10348
Description
URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed when a victim visits the URL of the uploaded resource. The resource is available to anyone without any form of authentication.
This issue was fixed in version 1.1.24.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <1.1.24
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.