CVE-2025-60454

Name of the Vulnerable Software and Affected Versions MetInfo CMS version 8.0

Description A stored Cross-Site Scripting (XSS) issue exists in the image management module of the software. The vulnerability is located in the appsystemimgadminimg admin.class.php component. Attackers can upload malicious SVG files containing JavaScript code. This code executes when the uploaded file is viewed or accessed by users.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.