Unrated severityNVD Advisory· Published Oct 3, 2025· Updated Oct 3, 2025
CVE-2025-60445
CVE-2025-60445
Description
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in XunRuiCMS version 4.7.1. The vulnerability exists due to insufficient validation of SVG file uploads in the dayrui/Fcms/Library/Upload.php component, allowing attackers to inject malicious JavaScript code that executes when the uploaded file is viewed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- XunRui/CMSdescription
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.