Stored XSS Vulnerability in FluentCMS by Fluent
CVE-2025-70842

5.4MEDIUM

Key Information:

Vendor

Fluent

Status
Vendor
CVE Published:
12 May 2026

What is CVE-2025-70842?

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the File Management module of FluentCMS version 1.2.3. This security flaw permits an authenticated administrator to upload specially crafted SVG files embedded with harmful JavaScript code. Once these files are uploaded, any user who accesses the direct URL will inadvertently execute the malicious script in their browser, putting both authenticated and unauthenticated visitors at risk.

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.