
Kubysoft: Malicious SVGs Can Run Harmful Code on Your Site

CVE-2025-59903
Summary

Kubysoft does not properly sanitize uploaded SVG images, so an attacker can embed malicious script in an SVG file. The file is stored on the server, and the script runs in the browser of any visitor who opens it. To stay safe, upload SVGs only from trusted sources and consider using a security plugin to scan your files for potential threats.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions | Fix available
kubysoft | kubysoft | All versions | –
Original title
Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, where uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts within SVG files as visual conten...
Original description
Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, where uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts within SVG files as visual content, which are then stored on the server and executed in the context of any user accessing the compromised resource.
NVD CVSS 4.0: 5.1
Vulnerability type
CWE-79 Cross-site Scripting (XSS)
Published: 16 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026