CVE-2025-60445

Name of the Vulnerable Software and Affected Versions XunRuiCMS version 4.7.1

Description A stored Cross-Site Scripting (XSS) issue exists because of inadequate validation of SVG file uploads within the dayrui/Fcms/Library/Upload.php component. This allows attackers to inject malicious JavaScript code that will execute when the uploaded file is viewed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.