CVE-2025-13415

Medium CVSS: 5.1

A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely.

Vendor

Easyimages2.0 Project

Product

Easyimages2.0

CWE

CWE-79

Yayın Tarihi

2025-11-19 22:16:03

Güncelleme

2025-11-25 19:31:45

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-79 Easyimages2.0 MEDIUM Easyimages2.0 Project 2025

Referanslar

https://github.com/icret/EasyImages2.0/issues/260 https://vuldb.com/?ctiid.332940 https://vuldb.com/?id.332940 https://vuldb.com/?submit.693732 https://github.com/icret/EasyImages2.0/issues/260

Benzer Kayıtlar

Critical

CVE-2025-65474

An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows att…

High

CVE-2025-65471

An arbitrary file upload vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows att…

High

CVE-2025-65472

A Cross-Site Request Forgery (CSRF) in the /admin/admin.inc.php component of EasyImages 2.0 v2.8.6 and below allows atta…

Critical

CVE-2025-65473

An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attac…