Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FluentCMS 2026 Stored XSS via SVG Upload in File Management
Vulnerability Description
FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. Attackers can upload malicious SVG files that execute JavaScript in the browser of any user accessing the uploaded file URL.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
N/A
Vulnerability Title
FluentCMS 跨站脚本漏洞
Vulnerability Description
FluentCMS是FluentCMS开源的一个内容管理系统。 FluentCMS 2026版本存在跨站脚本漏洞,该漏洞源于经过身份验证的管理员可通过文件管理模块上传嵌入JavaScript的SVG文件,可能导致存储型跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A