GitHub

patrickdeanramos/WonderCMS-version-3.4.3-SVG-Stored-Cross-Site-Scripting

WonderCMS version 3.4.3 is vulnerable to stored cross-site scripting (XSS) during file uploads involving SVG files. This flaw allows attackers to execute scripts in the browsers of unsuspecting users.
Ars Technica

Adult sites are stashing exploit code inside racy .svg files

Dozens of porn sites are turning to a familiar source to generate likes on Facebook—malware that causes browsers to surreptitiously endorse the sites. This time, the sites are using a newer vehicle ...
winbuzzer.com

VirusTotal’s AI Uncovers Year-Long Malware Campaign Hidden in SVG Files

VirusTotal has uncovered a year-long malware campaign that used malicious SVG image files to impersonate the Colombian judicial system, evading traditional antivirus detection. The discovery occurred ...