CVE-2026-38948 - FUEL CMS SVG Upload XSS
CVE ID :CVE-2026-38948 Published : April 28, 2026, 4:16 p.m. | 16 minutes ago Description :Cross-Site Scripting (XSS) vulnerability exists in FUEL CMS v1.5.2 and before within the asset upload functionality. The application fails to properly sanitize uploaded SVG files, allowing a low-privileg
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Aave, Compound Unveil Technical Plan to Address Fallout From $290M Kelp DAO Hack
- [CYBER] Cyber Command, NSA chief warns foreign adversaries likely to target midterms
- [CYBER] Vimeo Confirms User and Customer Data Breach
- [CYBER] Video site Vimeo blames security incident on Anodot breach
- [CYBER] CVE-2026-41873 - Pony Mail: Admin account takeover via request smuggling
- [CYBER] CVE-2026-38651 - Netmaker JWT Authentication Bypass Vulnerability