Description

Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file.

Remediation

References

CVE-2017-9516

Related Vulnerabilities

Prototype CVE-2008-7220 Vulnerability (CVE-2008-7220)

WordPress Plugin Passster-Password Protection Weak Encoding (3.5.5.5.1)

WordPress Plugin Breeze-WordPress Cache Open Redirect (1.0.10)

MySQL Use of Externally-Controlled Format String Vulnerability (CVE-2009-2446)

Jenkins Improper Input Validation Vulnerability (CVE-2012-6072)

Severity

Medium

Classification

CVE-2017-9516 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities