CVE-2025-61417

EPSS 0.09%

TastyIgniter vulnerable to Cross-Site Scripting

發布日:2025/10/20修改日:2025/10/20

描述

Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/media_manager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing the attacker to perform unauthorized actions such as modifying the admin account credentials.

受影響套件(1)

Packagist/tastyigniter/tastyigniterfrom 0, <= 3.7.7

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-61417
PATCHhttps://github.com/tastyigniter/TastyIgniter
WEBhttps://github.com/mg7-x/CVEs/blob/main/CVE-2025-61417/README.md