CVE-2025-59903

Name of the Vulnerable Software and Affected Versions Kubysoft (affected versions not specified)

Description A stored Cross-Site Scripting (XSS) issue exists in Kubysoft due to inadequate sanitization of uploaded SVG images. This allows attackers to embed malicious scripts within SVG files, storing them on the server. When a user accesses the compromised resource, the malicious script executes in the user's context. The issue involves the upload mechanism for SVG images.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.