ByteOS Network

NVD Vulnerability Details :

CVE-2025-15549

Awaiting Analysis

Source-disclosure@vulncheck.com

Published At-29 Jan, 2026 | 20:16

Updated At-23 Feb, 2026 | 17:23

FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. Attackers can upload malicious SVG files that execute JavaScript in the browser of any user accessing the uploaded file URL.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	4.8	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	4.8	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Type: Secondary

Version: 4.0

Base score: 4.8

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 4.8

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

References

Hyperlink	Source	Resource
https://github.com/fluentcms/FluentCMS/issues/2404	disclosure@vulncheck.com	N/A
https://www.vulncheck.com/advisories/fluentcms-stored-xss-via-svg-upload-in-file-management	disclosure@vulncheck.com	N/A

Hyperlink: https://github.com/fluentcms/FluentCMS/issues/2404

Source: disclosure@vulncheck.com

Resource: N/A

Hyperlink: https://www.vulncheck.com/advisories/fluentcms-stored-xss-via-svg-upload-in-file-management

Source: disclosure@vulncheck.com

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History