Vulnerability Database

321,672

Total vulnerabilities in the database

CVE-2025-41085

Stored Cross-Site Scripting (XSS) vulnerability type in Apidog in the version 2.7.15, where SVG image uploads are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request to '/api/v1/user-avatar', which are then stored on the server and executed in the context of any user accessing the compromised resource.

Published: Feb 4, 2026
Updated: Feb 5, 2026
CVE: CVE-2025-41085
Exploit:

No technical information available.

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

No affected software listed.

https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-apidog-web-platform

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo