Medium severity4.8OSV Advisory· Published Jan 29, 2026· Updated May 12, 2026
CVE-2025-15549
CVE-2025-15549
Description
FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. Attackers can upload malicious SVG files that execute JavaScript in the browser of any user accessing the uploaded file URL.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- github.com/fluentcms/FluentCMS/issues/2404nvdExploitVendor Advisory
- www.vulncheck.com/advisories/fluentcms-stored-xss-via-svg-upload-in-file-managementnvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.