CVE-2025-13415
LOWeasyimages2.0 < 2.8.6 - Cross-Site Scripting via SVG Image Handler File Parameter
Title source: llmDescription
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.693732
Third Party Advisory, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.332940
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.332940
Exploit, Issue Tracking, Third Party Advisory issue-tracking
https://github.com/icret/EasyImages2.0/issues/260
Scores
CVSS v3
3.5
EPSS
0.0019
EPSS Percentile
9.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
CWE-94
Status
published
Products (1)
easyimages2.0_project/easyimages2.0
< 2.8.6
Published
Nov 19, 2025
Tracked Since
Feb 18, 2026