Amine Sajid

**Name of the Vulnerable Software and Affected Versions** goodlayers-core versions prior to 2.1.3 **Description** The issue allows users with a subscriber role or above to upload SVG files that contain malicious payloads. This can be exploited by uploading SVGs with harmful content. **Recommendations** goodlayers-core versions prior to 2.1.3: Update to version 2.1.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitized and escaped before being outputted back in the page. This could be used against high-privilege users, such as admins. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.