Vulnerability Description
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Easyimages2.0 Project | Easyimages2.0 | <= 2.8.6 |
Related Weaknesses (CWE)
References
- https://github.com/icret/EasyImages2.0/issues/260ExploitIssue TrackingThird Party Advisory
- https://vuldb.com/?ctiid.332940Permissions RequiredVDB Entry
- https://vuldb.com/?id.332940Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.693732Third Party AdvisoryVDB Entry
- https://github.com/icret/EasyImages2.0/issues/260ExploitIssue TrackingThird Party Advisory
FAQ
What is CVE-2025-13415?
CVE-2025-13415 is a vulnerability with a CVSS score of 3.5 (LOW). A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads...
How severe is CVE-2025-13415?
CVE-2025-13415 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-13415?
Check the references section above for vendor advisories and patch information. Affected products include: Easyimages2.0 Project Easyimages2.0.