Key Information

Vulnerability Overview

Vulnerability Type: Authenticated Stored XSS
Affected Software: Vvweb 1.0.5
Severity: High (CVSS Score: 8.0)

Vulnerability Details

Affected Endpoints:
-
-

Attack Method: Trigger XSS by uploading a malicious SVG image.

Impact

Affected Assets: User cookies, cookies of other site administrators, editors, or super administrators.
User Interaction: Requires the user to open the image in a new tab to trigger the payload, but the payload executes silently without the user’s knowledge.

Reproduction Steps

1. Access the affected endpoint to view a post or page.
2. Edit the post or page and upload a malicious image containing the following SVG code:
3. Open the full image path to trigger the XSS payload.

PoC Video

A proof-of-concept video is provided, demonstrating how to reproduce the vulnerability.