exploitDog

CVE-2025-61417

Опубликовано: 20 окт. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/media_manager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing the attacker to perform unauthorized actions such as modifying the admin account credentials.

Ссылки

https://github.com/mg7-x/CVEs/blob/main/CVE-2025-61417/README.md
Exploit
Third Party Advisory
https://github.com/tastyigniter/TastyIgniter
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tastyigniter:tastyigniter:3.7.7:*:*:*:*:*:*:*

EPSS

Процентиль: 22%

0.00071

Низкий

8.8 High

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-4vrf-42cm-7xfw

github

4 месяца назад

TastyIgniter vulnerable to Cross-Site Scripting

EPSS

Процентиль: 22%

0.00071

Низкий

8.8 High

CVSS3

Дефекты

CWE-79