Description Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file. Remediation References CVE-2017-9516 Related Vulnerabilities WordPress Plugin HT Slider Range for Amazon affiliates Cross-Site Scripting (1.1.5) WordPress Plugin WordPress Robots.txt optimization (+ XML Sitemap)-Website traffic, SEO & ranking Booster Security Bypass (1.2.5.1) WordPress Plugin Complianz-GDPR/CCPA Cookie Consent SQL Injection (6.3.3) Oracle Database Server CVE-2013-3774 Vulnerability (CVE-2013-3774) MySQL CVE-2015-4792 Vulnerability (CVE-2015-4792) Severity Medium Classification CVE-2017-9516 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N Tags Missing Update Known Vulnerabilities