VYPR

Packagist (Composer) package

webreinvent/vaahcms

pkg:composer/webreinvent/vaahcms

Vulnerabilities (1)

  • CVE-2025-61183Oct 8, 2025
    affected <= 2.3.1

    Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar() method of UserBase.php