CVE-2023-53925
MEDIUM
UliCMS 2023.1 - XSS
Title source: llm
Description
UliCMS 2023.1 contains a stored cross-site scripting vulnerability that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the file management interface that execute arbitrary scripts when viewed by other users.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Mirabbas Ağalarov · text · webapps · php
https://www.exploit-db.com/exploits/51435
Scores
CVSS v3
6.1
EPSS
0.0006
EPSS Percentile
18.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
ulicms/ulicms
2023.1
Ulicms/Ulicms
2023.1
Published
Dec 17, 2025
Tracked Since
Feb 18, 2026