PT-2025-44401 · Unknown · Urve Smart Office

Anna Błaszczak +1 · Published 2025-10-30 · Updated 2025-10-30 · CVE-2025-10348

CVSS v4.0: 5.1 (Medium)

Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions

URVE Smart Office versions prior to 1.1.24

Description

URVE Smart Office is susceptible to a Stored Cross-Site Scripting (XSS) issue within the report problem functionality. An attacker possessing a low-privileged account can upload a Scalable Vector Graphics (SVG) file containing a malicious payload. Upon a victim accessing the URL of the uploaded resource, the malicious payload is executed. The resource is accessible to anyone without requiring authentication.

Recommendations

Upgrade to version 1.1.24 or later to address this issue.

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2025-10348

Affected products

Urve Smart Office