VYPR
Unrated severityNVD Advisory· Published Feb 16, 2026· Updated Feb 17, 2026

Stored Cross-Site Scripting (XSS) in Kubysoft

CVE-2025-59903

Description

Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, where uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts within SVG files as visual content, which are then stored on the server and executed in the context of any user accessing the compromised resource.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1
  • Kubysoft/Kubysoftv5
    Range: All versions

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.