CNNVD-202510-052 Information

CNNVD ID

CNNVD-202510-052

Related CVE

CVE-2025-56515

• CNNVD Published: 2025-10-01

Description (Chinese)

Fiora ·是yinxin630个人开发者的一个聊天应用程序。 Fiora 1.0.0版本存在安全漏洞，该漏洞源于用户头像上传功能未验证SVG文件内容，可能导致执行任意JavaScript代码。

Description (English)

Fiora is a chat application for yinxin 630 individual developers. There is a security loophole in the version of Fiora 1.00, which stems from the failure of the user image uploading function to verify the content of the SVG file, which could lead to the implementation of any JavaScript code.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-10-01

Last Modified

2026-02-24

References

https://fiora.suisuijiang.com/ https://github.com/Kov404/CVE-2025-56515/tree/main https://github.com/yinxin630/fiora