hunterxxx/FuguHub-8.1-Reflected-SVG-XSS-CVE-2025-65790

hunterxxx/FuguHub-8.1-Reflected-SVG-XSS-CVE-2025-65790

Releases0

Stars1

Reflected Cross-Site Scripting (XSS) via SVG Rendering in FuguHub

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-65790 ↗	Dec 22, 2025Monday, 22 December 2025, 20:15	6.1 MEDIUM	—
A reflected cross-site scripting (XSS) vulnerability exists in FuguHub 8.1 when serving SVG files through the /fs/ file manager interface. FuguHub does not sanitize or restrict script execution inside SVG content. When a victim opens a crafted SVG containing an inline <script> element, the browser executes the attacker-controlled JavaScript.