VYPR
Unrated severityNVD Advisory· Published Oct 9, 2025· Updated Oct 10, 2025

Newforma Info Exchange (NIX) stored XSS via SVG file upload

CVE-2025-35060

Description

Newforma Info Exchange (NIX) provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.