CVE 8 HIGH

UnoPim Stored XSS via SVG MIME/Sanitizer Bypass_CVE-2025-55742

August 21, 2025 invoker category_cve
8 / 10
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Description

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, UnoPim contains a stored cross-site scripting vulnerability via SVG MIME/sanitizer bypass in the /admin/settings/users/create endpoint. This vulnerability is fixed in 0.2.1.

Basic Information

ID CVE-2025-55742
Source GitHub_M
Published Aug 21, 2025 at 15:36

Affected Product

Vendor unopim
Product unopim
Version < 0.2.1
Affected Versions unopim unopim < 0.2.1

CWE Classification

CWE-79

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.