CVE-2025-61183
Published
CVSS v3
6.1
MEDIUM
CVSS v2
N/A
Affected
2
PROJECTS
Description
Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar() method of UserBase.php
GitHubVaahCMS is a laravel based open-source web application development platform shipped with a headless content management system (CMS).
GitHub