CVE-2025-63830

Published
CVSS v3: 6.1 (MEDIUM)
CVSS v2: N/A
Affected: 1 project

Description

CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.

Identified a Stored Cross-Site Scripting (XSS) vulnerability in CKFinder v1.4.3 via malicious SVG file upload leading to script execution upon file preview.
GitHub