exploitDog

GHSA-2xcq-fmvr-mmpw

Опубликовано: 14 нояб. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.

CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.

Ссылки

EPSS

Процентиль: 1%

0.0001

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-63830

CVSS3: 6.1

nvd

22 дня назад

CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.

EPSS

Процентиль: 1%

0.0001

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79