CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-15549

FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. Attackers can upload malicious SVG files that execute JavaScript in the browser of any user accessing the uploaded file URL.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 1.3%

CVSS Severity

CVSS v3 Score 4.8

References

https://github.com/fluentcms/FluentCMS/issues/2404
https://www.vulncheck.com/advisories/fluentcms-stored-xss-via-svg-upload-in-file-management

Products affected by CVE-2025-15549

Fluentcms » Fluentcms » Version: Any

cpe:2.3:a:fluentcms:fluentcms:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-15549

Products

Pricing

Contact Us