A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who accesses the direct URL of the image, including unauthenticated visitors.
References
Configurations
No configuration.
History
12 May 2026, 16:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | https://github.com/fluentcms/FluentCMS/issues/2404 | |
| CVSS | v2 : v3 : | v2 : unknown; v3 : 5.4 |
| CWE | CWE-79 |
12 May 2026, 15:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-05-12 15:16
Updated : 2026-06-17 10:03
NVD link : CVE-2025-70842
Mitre link : CVE-2025-70842
CVE.ORG link : CVE-2025-70842
Products Affected
No product.
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
