Shubham03007/CVE-2025-63830

Identified a Stored Cross-Site Scripting (XSS) vulnerability in CKFinder v1.4.3 via malicious SVG file upload leading to script execution upon file preview.

CVE History

CVE | Published | CVSS v3 | CVSS v2
6.1 MEDIUM

CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.