Unrated severityNVD Advisory· Published Oct 9, 2025· Updated Oct 10, 2025
Newforma Info Exchange (NIX) stored XSS via SVG file upload
CVE-2025-35060
Description
Newforma Info Exchange (NIX) provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.