Thaw Phone Nyo

CVE-2025-61183 NOMISEC MEDIUM WRITEUP

vaahcms 2.3.1 - Cross-Site Scripting via UserBase.php storeAvatar() Upload Method

Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar() method of UserBase.php

CVSS 6.1

View Code

CVE-2025-61183 WRITEUP MEDIUM WRITEUP

vaahcms 2.3.1 - Cross-Site Scripting via UserBase.php storeAvatar() Upload Method

Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar() method of UserBase.php

CVSS 6.1

View Code