Stored XSS Vulnerability in FluentCMS by Fluent
CVE-2025-70842
5.4MEDIUM
What is CVE-2025-70842?
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the File Management module of FluentCMS version 1.2.3. This security flaw permits an authenticated administrator to upload specially crafted SVG files embedded with harmful JavaScript code. Once these files are uploaded, any user who accesses the direct URL will inadvertently execute the malicious script in their browser, putting both authenticated and unauthenticated visitors at risk.
