CNNVD-202512-3223 Information
CNNVD ID
CNNVD-202512-3223
Related CVE
- CNNVD Published: 2025-12-17
Description (Chinese)
UliCMS是UliCMS开源的一个内容管理系统(CMS)。该系统支持访问控制和所见即所得编辑等功能。 UliCMS 2023.1版本存在跨站脚本漏洞,该漏洞源于攻击者可上传嵌入JavaScript的恶意SVG文件,可能导致存储型跨站脚本攻击。
Description (English)
UlICMS is a UliCMS open source content management system (CMS). The system supports features such as access control and the resulting editing. The UliCMS version 2023.1 has a cross-site script loophole, which stems from the fact that the assailant can upload a malicious SVG file embedded in JavaScript, which could result in a storage-type cross-site script attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
UliCMS
Published
2025-12-17
Last Modified
2026-02-24
References
https://www.exploit-db.com/exploits/51435 https://www.vulncheck.com/advisories/ulicms-stored-cross-site-scripting-via-svg-file-upload https://en.ulicms.de/ https://web.archive.org/web/20230314183734/ https://access.redhat.com/security/cve/cve-2023-53925
Share on: