VYPR

npm package

fiora

pkg:npm/fiora

Vulnerabilities (2)

  • CVE-2025-56515Oct 1, 2025

    File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers (onmouseo

  • CVE-2025-56514Oct 1, 2025

    Cross Site Scripting (XSS) vulnerability in Fiora chat application 1.0.0 allows executes arbitrary JavaScript when malicious SVG files are rendered by other users.