Low severity2.4GHSA Advisory· Published Sep 24, 2025· Updated Apr 29, 2026
CVE-2025-10909
CVE-2025-10909
Description
A security flaw has been discovered in Mangati NovoSGA up to 2.2.9. The impacted element is an unknown function of the file /admin of the component SVG File Handler. Performing manipulation of the argument logoNavbar/logoLogin results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
novosga/novosgaPackagist | <= 2.2.9 | — |
Affected products
2Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-4c44-r8rm-3p39ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-10909ghsaADVISORY
- hackmd.io/@noka/B1qwCyR9llghsaWEB
- hackmd.io/@noka/B1qwCyR9llghsaWEB
- vuldb.comnvdWEB
- vuldb.comnvdWEB
- vuldb.comnvdWEB
- karinagante.github.io/cve-2025-10909/nvd
- karinagante.github.io/cve-2025-10909/nvd
News mentions
0No linked articles in our index yet.