216.73.216.86

CVE-2025-15549

· Published 29/01/2026 20:16 · Modified 30/01/2026 16:16

Labels: CVE-2025-15549 2026-01-29CVE-2025-15549CWE-79[email protected]

Essential information

Published
29/01/2026 20:16
Modified
30/01/2026 16:16
Author
Creator
CISA KEV
No
CWE

Description

FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. Attackers can upload malicious SVG files that execute JavaScript in the browser of any user accessing the uploaded file URL.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
fluentcms / fluentcms cpe:2.3:a:fluentcms:fluentcms:2026:*:*:*:*:*:*:*

References