Vulnerability Database

299,030

Total vulnerabilities in the database

CVE-2025-61417

Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/media_manager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing the attacker to perform unauthorized actions such as modifying the admin account credentials.

Published: Oct 20, 2025
Updated: Oct 21, 2025
CVE: CVE-2025-61417
GHSA: GHSA-4vrf-42cm-7xfw
Severity: Low
Exploit:

No technical information available.

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
tastyigniter / tastyigniter	-	3.7.7.x

https://github.com/mg7-x/CVEs/blob/main/CVE-2025-61417/README.md

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo