PT-2025-51963 · Ulicms · Ulicms
Mirabbas Ağalarov
·
Published
2025-12-17
·
Updated
2025-12-20
·
CVE-2023-53925
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
UliCMS version 2023.1
Description
The software contains a stored cross-site scripting issue that enables attackers to upload malicious SVG files containing JavaScript. Attackers can upload these crafted SVG files through the file management interface. When other users view these files, arbitrary scripts are executed.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ulicms