CVE-2025-61417
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-61417
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-61417.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-61417
- Aliases
- Published
- 2025-10-20T15:15:33.700Z
- Modified
- 2025-11-17T04:29:47.449585Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/media_manager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing the attacker to perform unauthorized actions such as modifying the admin account credentials.
- References
Affected packages
Git / github.com/tastyigniter/tastyigniter
Affected ranges
- Type
- GIT
- Repo
- https://github.com/tastyigniter/tastyigniter
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
2.*
2.0.0
2.1.0
2.1.0-rc.1
2.1.0-rc.2
2.1.1
v1.*
v1.0-beta
v1.1-beta
v1.2-beta
v1.2.1-beta
v1.3-beta
v1.4.0-beta
v1.4.1-beta
v1.4.1.0-beta
v1.4.2-beta
v3.*
v3.0.4
v3.0.4-beta
v3.0.4-beta.10
v3.0.4-beta.11
v3.0.4-beta.12
v3.0.4-beta.13
v3.0.4-beta.14
v3.0.4-beta.15
v3.0.4-beta.16
v3.0.4-beta.17
v3.0.4-beta.18
v3.0.4-beta.19
v3.0.4-beta.2
v3.0.4-beta.20
v3.0.4-beta.20.1
v3.0.4-beta.21
v3.0.4-beta.22
v3.0.4-beta.22.1
v3.0.4-beta.22.2
v3.0.4-beta.22.3
v3.0.4-beta.22.4
v3.0.4-beta.23
v3.0.4-beta.23.1
v3.0.4-beta.23.2
v3.0.4-beta.24
v3.0.4-beta.24.1
v3.0.4-beta.24.2
v3.0.4-beta.24.3
v3.0.4-beta.24.4
v3.0.4-beta.25
v3.0.4-beta.25.1
v3.0.4-beta.25.2
v3.0.4-beta.26
v3.0.4-beta.27
v3.0.4-beta.28
v3.0.4-beta.3
v3.0.4-beta.4
v3.0.4-beta.5
v3.0.4-beta.6
v3.0.4-beta.7
v3.0.4-beta.8
v3.0.4-beta.9
v3.0.4-beta.9.1
v3.0.5
v3.0.6
v3.0.7
v3.1.0
v3.1.0-rc.1
v3.1.1
v3.1.2
v3.2.0
v3.2.1
v3.2.2
v3.3.0
v3.3.1
v3.3.2
v3.4.0
v3.4.1
v3.5.0
v3.5.1
v3.5.2
v3.5.3
v3.5.4
v3.5.5
v3.6.0
v3.6.1
v3.6.3
v3.6.4
v3.6.5
v3.6.6
v3.6.7
v3.6.8
v3.6.9
v3.7.0
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.7.5
v3.7.6
v3.7.7