exploitDog

CVE-2025-65790

Опубликовано: 22 дек. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

A reflected cross-site scripting (XSS) vulnerability exists in FuguHub 8.1 when serving SVG files through the /fs/ file manager interface. FuguHub does not sanitize or restrict script execution inside SVG content. When a victim opens a crafted SVG containing an inline

Ссылки

https://fuguhub.com/
Product
https://github.com/hunterxxx/FuguHub-8.1-Reflected-SVG-XSS-CVE-2025-65790
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:realtimelogic:fuguhub:8.1:*:*:*:*:windows:*:*

EPSS

Процентиль: 17%

0.00054

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-rr4m-w7hj-h8qv

CVSS3: 6.1

github

около 2 месяцев назад

A reflected cross-site scripting (XSS) vulnerability exists in FuguHub 8.1 when serving SVG files through the /fs/ file manager interface. FuguHub does not sanitize or restrict script execution inside SVG content. When a victim opens a crafted SVG containing an inline <script> element, the browser executes the attacker-controlled JavaScript.

EPSS

Процентиль: 17%

0.00054

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79