Unrated severityNVD Advisory· Published Oct 3, 2025· Updated Oct 3, 2025
CVE-2025-60451
CVE-2025-60451
Description
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\uploadify.class.php component, specifically in the website settings module. This security flaw allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- MetInfo/CMSdescription
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.