CVE-2025-10253

LOW

openDCIM 23.04 - Cross-Site Scripting via SVG File Handler in uploadifive.php

Title source: llm

Description

A vulnerability has been found in openDCIM 23.04. This vulnerability affects unknown code of the file /scripts/uploadifive.php of the component SVG File Handler. Such manipulation of the argument Filedata leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Core 4

Core References

Permissions Required, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.323613

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.323613

Permissions Required, VDB Entry third-party-advisory

https://vuldb.com/?submit.642716

Various Sources exploit

https://github.com/lam-sec/openDCIMpoc

View Exploit ZIP pw:eip

Scores

CVSS v3 3.5

EPSS 0.0025

EPSS Percentile 15.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79 CWE-94

Status published

Products (1)

n/a/openDCIM 23.04

Published Sep 11, 2025

Tracked Since Feb 18, 2026