icret EasyImages SVG Image upload.php cross site scripting_CVE-2025-13415

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X

Description

A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely.

Basic Information

ID CVE-2025-13415

Source VulDB

Published Nov 19, 2025 at 22:02

Affected Product

Vendor icret

Product EasyImages

Version 2.8.0

Affected Versions icret EasyImages 2.8.0
icret EasyImages 2.8.1
icret EasyImages 2.8.2
icret EasyImages 2.8.3
icret EasyImages 2.8.4
icret EasyImages 2.8.5
icret EasyImages 2.8.6

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely.",
    "published": "2025-11-19T22:02:06.240Z",
    "modified": "2025-11-19T22:02:06.240Z",
    "type": "cve",
    "title": "icret EasyImages SVG Image upload.php cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.332940\nhttps://vuldb.com/?ctiid.332940\nhttps://vuldb.com/?submit.693732\nhttps://github.com/icret/EasyImages2.0/issues/260",
    "id": "CVE-2025-13415",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "icret EasyImages 2.8.0\nicret EasyImages 2.8.1\nicret EasyImages 2.8.2\nicret EasyImages 2.8.3\nicret EasyImages 2.8.4\nicret EasyImages 2.8.5\nicret EasyImages 2.8.6",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EasyImages",
    "version": "2.8.0",
    "vendor": "icret",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}