CVE-2025-10909 | Mangati NovoSGA up to 2.2.9 SVG File /admin logoNavbar/logoLogin cross site scripting

A vulnerability classified as problematic has been found in Mangati NovoSGA up to 2.2.9. The impacted element is an unknown function of the file /admin of the component SVG File Handler. Performing manipulation of the argument logoNavbar/logoLogin results in cross site scripting.

This vulnerability is known as CVE-2025-10909. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-10909 | Mangati NovoSGA up to 2.2.9 SVG File /admin logoNavbar/logoLogin cross site scripting

Post correlati

CVE-2024-46293 | SourceCodester Online Medicine Ordering System 1.0 access control

CVE-2024-28145 | Image Access Scan2Net GET Parameter dbconnector.php sql injection

CVE-2025-53703 | DuraComm SPM-500 DP-10iN-100-MU prior 4.10A cleartext transmission (icsa-25-203-01)

CVE-2023-52364 | Huawei HarmonyOS/EMUI RSMC Module buffer overflow