CVE-2025-15549

Name of the Vulnerable Software and Affected Versions FluentCMS version 2026

Description FluentCMS version 2026 has a stored cross-site scripting issue. Authenticated administrators can upload SVG files containing JavaScript through the File Management module. An attacker can upload a malicious SVG file, and when a user accesses the file’s URL, JavaScript will execute in their browser. The vulnerable module is the File Management module, and the attack vector involves uploading SVG files.

Recommendations Apply updates to address the issue in the File Management module. Restrict file uploads to trusted sources. Sanitize uploaded SVG files to remove any embedded JavaScript code.