CVE-2025-56514

MEDIUM

Suisuijiang Fiora - XSS

Title source: rule

Description

Cross Site Scripting (XSS) vulnerability in Fiora chat application 1.0.0 allows executes arbitrary JavaScript when malicious SVG files are rendered by other users.

Exploits (1)

nomisec WRITEUP
by Kov404 · poc
https://github.com/Kov404/CVE-2025-56514

References (3)

Scores

CVSS v3 5.4
EPSS 0.0001
EPSS Percentile 1.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
npm/fiora npm
suisuijiang/fiora 1.0.0
Published Oct 01, 2025
Tracked Since Feb 18, 2026