CVE-2025-60452

Name of the Vulnerable Software and Affected Versions MetInfo CMS version 8.0

Description A stored Cross-Site Scripting (XSS) issue exists in the download management module of the software. The vulnerability is located in the appsystemdownloadadmindownload admin.class.php component. Attackers can upload malicious SVG files containing JavaScript code. This code executes when a user views or accesses the uploaded file.

Recommendations Update to a newer version that contains a fix for this vulnerability.