CVE-2023-53925

UliCMS 2023.1 Stored Cross-Site Scripting via SVG File Upload

CVSS 5.1 MEDIUMEPSS 0.3%CWE-79

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

17 dez 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

UliCMS 2023.1 contains a stored cross-site scripting vulnerability that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the file management interface that execute arbitrary scripts when viewed by other users.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Produtos afetados

Ulicms · Ulicms

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://web.archive.org/web/20230314183734/https://en.ulicms.de/https://www.exploit-db.com/exploits/51435 https://www.vulncheck.com/advisories/ulicms-stored-cross-site-scripting-via-svg-file-upload