CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Xunruicms: >> Xunruicms >> 4.7.1 Security Vulnerabilities

CVE-2025-60445

A stored Cross-Site Scripting (XSS) vulnerability has been discovered in XunRuiCMS version 4.7.1. The vulnerability exists due to insufficient validation of SVG file uploads in the dayrui/Fcms/Library/Upload.php component, allowing attackers to inject malicious JavaScript code that executes when the uploaded file is viewed.

CVSS Score

6.1

EPSS Score

0.001

Published

2025-10-03

Page 1

Vulnerabilities

Vulnerable Software

Xunruicms: >> Xunruicms >> 4.7.1 Security Vulnerabilities

Products

Pricing

Contact Us