CVE-2025-59903
MEDIUM 5.4
Description
Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, where uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts within SVG files as visual content, which are then stored on the server and executed in the context of any user accessing the compromised resource.
CVE Details
CVSS v3.1 score: 5.4
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: REQUIRED
Published: 2/16/2026
Last modified: 3/9/2026
Source: nvd
Honeypot observations: 0
Affected products
kubysoft:kubysoft
Weaknesses (CWE)
CWE-79
References
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-kubysoft (cve-coordination@incibe.es)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.