Description
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, UnoPim contains a stored cross-site scripting vulnerability via SVG MIME/sanitizer bypass in the /admin/settings/users/create endpoint. This vulnerability is fixed in 0.2.1.
References (4)
Exploit, Vendor Advisory: https://github.com/unopim/unopim/security/advisories/GHSA-xr97-25v7-hc2q
Patch: https://github.com/unopim/unopim/commit/49d5f6ac4d5d9ef7d9cdfe01853234d531c55f75
Patch: https://github.com/unopim/unopim/commit/b596021b5a5e0656abe16c01ae0e84c95f9fe902
Patch: https://github.com/unopim/unopim/commit/b5e169e65725e0d80b6c79d57e62a25e1af6a3c3
Scores
CVSS v3: 8.0
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
EPSS: 0.0004
EPSS Percentile: 11.8%
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-79
Status: published
Products (2)
unopim/unopim (Packagist): 0 - 0.2.1
webkul/unopim: < 0.2.1
Published: Aug 21, 2025
Tracked Since: Feb 18, 2026