VYPR
Medium severity6.8OSV Advisory· Published Oct 27, 2025· Updated Apr 15, 2026

CVE-2025-62793

CVE-2025-62793

Description

eLabFTW is an open source electronic lab notebook for research labs. The application served uploaded SVG files inline. Because SVG supports active content, an attacker could upload a crafted SVG that executes script when viewed, resulting in stored XSS under the application origin. A victim who opens the SVG URL or any page embedding it could have their session hijacked, data exfiltrated, or actions performed on their behalf. This vulnerability is fixed n 5.3.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Elabftw/ElabftwOSV2 versions
    0.10.0, 0.10.1, 0.11.0, …+ 1 more
    • (no CPE)range: 0.10.0, 0.10.1, 0.11.0, …
    • (no CPE)range: <5.3.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.