CVE-2025-60451

Name of the Vulnerable Software and Affected Versions MetInfo CMS version 8.0

Description A stored Cross-Site Scripting (XSS) flaw exists because of inadequate validation and sanitization of SVG file uploads. The issue is located in the appsystemincludemoduleuploadify.class.php component within the website settings module. Attackers can upload malicious SVG files containing JavaScript code that will execute when the uploaded file is viewed or accessed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.