CVE-2025-60450

Name of the Vulnerable Software and Affected Versions MetInfo CMS version 8.0

Description A stored Cross-Site Scripting (XSS) flaw exists due to inadequate validation and sanitization of SVG file uploads within the appsystemincludemoduleeditorUploader.class.php component. This allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.