CVE-2025-60453

Name of the Vulnerable Software and Affected Versions MetInfo CMS version 8.0

Description A stored Cross-Site Scripting (XSS) issue exists in MetInfo CMS. The vulnerability is located in the column management module, specifically within the appsystemcolumnadminindex.class.php component. Attackers can exploit this to upload malicious SVG files that contain JavaScript code. When these files are viewed or accessed by users, the embedded JavaScript code executes.

Recommendations Update to a newer version that contains a fix for this vulnerability.