CVE-2026-30948 | parse-community parse-server up to 8.6.16/9.0.0 9.5.2-alpha.3 SVG File Parser cross site scripting (GHSA-hcj7-6gxh-24ww)

Inserito da Angelo Barbosa | Mar 11, 2026 | CVE

A vulnerability identified as problematic has been detected in parse-community parse-server up to 8.6.16/9.0.0 9.5.2-alpha.3. Affected is an unknown function of the component SVG File Parser. The manipulation leads to cross site scripting.

This vulnerability is documented as CVE-2026-30948. The attack can be initiated remotely. There is not any exploit available.

You should upgrade the affected component.

CVE-2026-30948 | parse-community parse-server up to 8.6.16/9.0.0 9.5.2-alpha.3 SVG File Parser cross site scripting (GHSA-hcj7-6gxh-24ww)

Post correlati

CVE-2023-50740 | Apache Linkis DataSource up to 1.4.x log file

CVE-2024-34946 | Tenda FH1206 1.2.0.8 ip/goform/DhcpListClient page stack-based overflow

CVE-2024-10660 | ESAFENET CDG 5 HookService.java deleteHook hookId sql injection

CVE-2024-47035 | Google Android virtio_ring.h vring_init out-of-bounds write