Typicms

1 CVEs product

Monthly

CVE-2026-27621 PHP MEDIUM POC PATCH This Month

Stored XSS in TypiCMS prior to version 16.1.7 allows authenticated users to upload malicious SVG files that execute JavaScript in administrators' browsers, compromising their sessions through unsanitized file content. Public exploit code exists for this vulnerability affecting Laravel-based TypiCMS installations. The flaw stems from insufficient validation of SVG file contents despite MIME type checks being present.

Laravel XSS Typicms
NVD GitHub
CVSS 3.1: 5.4
EPSS: 0.0%