CVE-2025-55742

High CVSS: 8.0

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, UnoPim contains a stored cross-site scripting vulnerability via SVG MIME/sanitizer bypass in the /admin/settings/users/create endpoint. This vulnerability is fixed in 0.2.1.

Vendor

Webkul

Product

Unopim

CWE

CWE-79

Yayın Tarihi

2025-08-21 16:15:34

Güncelleme

2025-08-22 21:55:09

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Unopim HIGH Webkul 2025

Referanslar

https://github.com/unopim/unopim/commit/49d5f6ac4d5d9ef7d9cdfe01853234d531c55f75 https://github.com/unopim/unopim/commit/b596021b5a5e0656abe16c01ae0e84c95f9fe902 https://github.com/unopim/unopim/commit/b5e169e65725e0d80b6c79d57e62a25e1af6a3c3 https://github.com/unopim/unopim/security/advisories/GHSA-xr97-25v7-hc2q

Benzer Kayıtlar

Medium

CVE-2021-41074

A CSRF issue in index.php in QloApps hotel eCommerce 1.5.1 allows an attacker to change the admin's email address via a…

Critical

CVE-2025-67325

Unrestricted file upload in the hotel review feature in QloApps versions 1.7.0 and earlier allows remote unauthenticated…

High

CVE-2026-21449

Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template in…

High

CVE-2026-21450

Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template in…

Medium

CVE-2026-21451

Bagisto is an open source laravel eCommerce platform. A stored Cross-Site Scripting (XSS) vulnerability exists in Bagist…

High

CVE-2026-21448

Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template in…