CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-60445

A stored Cross-Site Scripting (XSS) vulnerability has been discovered in XunRuiCMS version 4.7.1. The vulnerability exists due to insufficient validation of SVG file uploads in the dayrui/Fcms/Library/Upload.php component, allowing attackers to inject malicious JavaScript code that executes when the uploaded file is viewed.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 7.9%

CVSS Severity

CVSS v3 Score 6.1

References

https://snowhy77.github.io/2025/08/18/File-Upload-to-Achieve-Stored-XSS-Attack/

Products affected by CVE-2025-60445

Xunruicms » Xunruicms » Version: 4.7.1

cpe:2.3:a:xunruicms:xunruicms:4.7.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-60445

Products

Pricing

Contact Us