Unknown · Urve Smart Office · CVE-2025-10348
**Name of the Vulnerable Software and Affected Versions**
URVE Smart Office versions prior to 1.1.24
**Description**
URVE Smart Office is susceptible to a Stored Cross-Site Scripting (XSS) issue within the report problem functionality. An attacker possessing a low-privileged account can upload a Scalable Vector Graphics (SVG) file containing a malicious payload. Upon a victim accessing the URL of the uploaded resource, the malicious payload is executed. The resource is accessible to anyone without requiring authentication.
**Recommendations**
Upgrade to version 1.1.24 or later to address this issue.