CVE-2025-65790

Name of the Vulnerable Software and Affected Versions FuguHub version 8.1

Description A reflected cross-site scripting (XSS) issue exists when serving SVG files through the /fs/ file manager interface. The software does not sanitize or restrict script execution within SVG content. An attacker can craft an SVG file containing an inline <script> element, and when a victim opens this file, the attacker-controlled JavaScript will be executed by the browser. The vulnerable component is the SVG file handling process within the file manager interface.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, avoid opening untrusted SVG files through the /fs/ file manager interface.