Alerts
Events
DCR
Explore Cyware Products
Alerts
Events
DCR
Go to listing page
Stored XSS via SVG Upload in AlegroCart v1.2.9 Exploited Through Content-Type Spoofing
Malware and Vulnerabilities
April 24, 2025
Seclists
AlegroCart v1.2.9 has been identified with a stored Cross-Site Scripting (XSS) vulnerability. The flaw allows attackers to upload a malicious SVG file containing embedded JavaScript.
Read More
AlegroCart
Cross Site Scripting (XSS) Attacks
Publisher
Previous
Russian Infrastructure Plays Crucial Role in North Kore ...
Threat Actors
Next
Blue Shield of California leaked health data of 4.7 mil ...
Breaches and Incidents
/https://cyware-ent.s3.amazonaws.com/image_bank/647f_shutterstock_670824205.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/c1f2_shutterstock_2441937653.jpg)
