Stored Cross-Site Scripting (XSS) in DoWISP in versions prior to 1.16.2.50, which consists of an stored XSS through the upload of a profile picture in SVG format with malicious Javascript code in it.
CVSS
No CVSS.
References
Configurations
No configuration.
History
04 Apr 2025, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-04-04 13:15
Updated : 2025-04-04 13:15
NVD link : CVE-2025-3189
Mitre link : CVE-2025-3189
JSON object : View
Products Affected
No product.
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')