icret EasyImages ଯେପର୍ଯ୍ୟନ୍ତ 2.8.6 SVG Image /app/upload.php ଫାଇଲ୍ କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ

Dogoggorri kan akka ସମସ୍ୟାଜନକ jedhamuun ramadame icret EasyImages ଯେପର୍ଯ୍ୟନ୍ତ 2.8.6 keessatti argameera. Kan miidhamte is hojii hin beekamne faayilii /app/upload.php keessa kutaa SVG Image Handler keessa. Hojii jijjiirraa irratti gaggeeffame ଫାଇଲ୍ gara କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-79 geessa. Dadhabbii kana yeroo 11/19/2025 maxxanfameera akka 260. Odeeffannoon kun buufachuuf github.com irratti qoodameera. Dogoggorri kun akka CVE-2025-13415tti beekama. Yaaliin weeraraa fageenya irraa jalqabamuu ni danda'a. Faayidaaleen teeknikaa ni jiru. Meeshaa balaa kana fayyadamuuf hin jiru. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ଅପରିଭାଷିତ jedhamee ibsameera. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $0-$5k ta'ee ture. VulDB is the best source for vulnerability data and more expert information about this specific topic.

3 ଆଡାପ୍ଟେସନ୍ · 94 ପଏଣ୍ଟ

ଫିଲ୍ଡସୃଷ୍ଟି ହୋଇଛି
11/19/2025 03:46 PM		ଅଦ୍ୟତନ 1/2
11/20/2025 12:49 PM		ଅଦ୍ୟତନ 2/2
11/27/2025 10:22 AM
cvss4_vuldb_siNNN
cvss4_vuldb_saNNN
cvss4_vuldb_eXXX
cvss2_vuldb_basescore4.04.04.0
cvss2_vuldb_tempscore3.83.83.8
cvss3_vuldb_basescore3.53.53.5
cvss3_vuldb_tempscore3.43.43.4
cvss3_meta_basescore3.53.54.1
cvss3_meta_tempscore3.43.44.1
cvss4_vuldb_bscore5.15.15.1
cvss4_vuldb_btscore5.15.15.1
advisory_date1763506800 (11/19/2025)1763506800 (11/19/2025)1763506800 (11/19/2025)
price_0day$0-$5k$0-$5k$0-$5k
software_vendoricreticreticret
software_nameEasyImagesEasyImagesEasyImages
software_version<=2.8.6<=2.8.6<=2.8.6
software_componentSVG Image HandlerSVG Image HandlerSVG Image Handler
software_file/app/upload.php/app/upload.php/app/upload.php
software_argumentfilefilefile
vulnerability_cweCWE-79 (କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ)CWE-79 (କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ)CWE-79 (କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ)
vulnerability_risk111
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iLLL
cvss3_vuldb_aNNN
cvss3_vuldb_rcRRR
advisory_identifier260260260
advisory_urlhttps://github.com/icret/EasyImages2.0/issues/260https://github.com/icret/EasyImages2.0/issues/260https://github.com/icret/EasyImages2.0/issues/260
source_cveCVE-2025-13415CVE-2025-13415CVE-2025-13415
cna_responsibleVulDBVulDBVulDB
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_ciNNN
cvss2_vuldb_iiPPP
cvss2_vuldb_aiNNN
cvss2_vuldb_rcURURUR
cvss4_vuldb_avNNN
cvss4_vuldb_acLLL
cvss4_vuldb_uiPPP
cvss4_vuldb_vcNNN
cvss4_vuldb_viLLL
cvss4_vuldb_vaNNN
cvss2_vuldb_auSSS
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss3_vuldb_prLLL
cvss3_vuldb_eXXX
cvss3_vuldb_rlXXX
cvss4_vuldb_atNNN
cvss4_vuldb_prLLL
cvss4_vuldb_scNNN
cve_nvd_summaryA vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely.A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely.
cvss4_cna_avNN
cvss4_cna_acLL
cvss4_cna_atNN
cvss4_cna_prLL
cvss4_cna_uiPP
cvss4_cna_vcNN
cvss4_cna_viLL
cvss4_cna_vaNN
cvss4_cna_scNN
cvss4_cna_siNN
cvss4_cna_saNN
cvss4_cna_bscore5.15.1
cvss3_cna_avNN
cvss3_cna_acLL
cvss3_cna_prLL
cvss3_cna_uiRR
cvss3_cna_sUU
cvss3_cna_cNN
cvss3_cna_iLL
cvss3_cna_aNN
cvss3_cna_basescore3.53.5
cvss2_cna_avNN
cvss2_cna_acLL
cvss2_cna_auSS
cvss2_cna_ciNN
cvss2_cna_iiPP
cvss2_cna_aiNN
cvss2_cna_basescore44
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prL
cvss3_nvd_uiR
cvss3_nvd_sC
cvss3_nvd_cL
cvss3_nvd_iL
cvss3_nvd_aN
cvss3_nvd_basescore5.4

ପଛକୁସମୀକ୍ଷାଆହୁରି ଦୂରରେ

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!