Stored Cross-Site Scripting Vulnerability in UnoPim Product Information Management System
CVE-2025-55742

8HIGH

Key Information:

Vendor: Unopim
Status: Unopim
Vendor: CVE Published:; 21 August 2025

What is CVE-2025-55742?

UnoPim, an open-source Product Information Management system based on the Laravel framework, has a vulnerability that allows stored cross-site scripting (XSS) via a bypass of the SVG MIME type sanitizer at the /admin/settings/users/create endpoint. This issue affects versions prior to 0.2.1. It is crucial for users to upgrade to the latest version to mitigate the risk associated with this vulnerability.

Affected Version(s)

unopim < 0.2.1

References

https://github.com/unopim/unopim/security/advisories/GHSA...

x_refsource_CONFIRM

https://github.com/unopim/unopim/commit/49d5f6ac4d5d9ef7d...

x_refsource_MISC

https://github.com/unopim/unopim/commit/b596021b5a5e0656a...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 21, 2025
Vulnerability Reserved
Aug 14, 2025

Unopim

What is CVE-2025-55742?

Affected Version(s)

References

CVSS V3.1

Timeline