| Title | GitHub EasyImages2.0 <=V2.8.6 Improper Neutralization of Alternate XSS Syntax |
|---|
| Description | EasyImages supports multi file upload, simple without database, and returns image url, markdown, bbscode, html, a graphic bed program demo address: https://png.cm/ The graph bed program that has been used before is: PHP multi graph long distance transmission program 2.4.3. Due to its old version and false upload, under the trend of the current popularity of html5, it uses basic knowledge to write a new one with html5 as the default upload and supports flash, which is downward compatible to IE9. This project has an XSS vulnerability, which can be used by attackers to obtain sensitive information. |
|---|
| Source | ⚠️ https://github.com/icret/EasyImages2.0/issues/260 |
|---|
| User | naixiao (UID 92174) |
|---|
| Submission | 11/12/2025 08:54 (7 months ago) |
|---|
| Moderation | 11/19/2025 15:41 (7 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 332940 [icret EasyImages up to 2.8.6 SVG Image /app/upload.php File cross site scripting] |
|---|
| Points | 20 |
|---|