Han Tek Foo

1 exploit Active since Dec 2025
CVE-2025-65790 NOMISEC MEDIUM WORKING POC
FuguHub 8.1 - Reflected Cross-Site Scripting via SVG File in File Manager
A reflected cross-site scripting (XSS) vulnerability exists in FuguHub 8.1 when serving SVG files through the /fs/ file manager interface. FuguHub does not sanitize or restrict script execution inside SVG content. When a victim opens a crafted SVG containing an inline <script> element, the browser executes the attacker-controlled JavaScript.
1 stars
CVSS 6.1