Back to search
CVE-2025-10348
Published: Oct 30, 2025
Modified: Oct 30, 2025
PUBLISHED
Description
URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed when a victim visits the URL of the uploaded resource. The resource is available to anyone without any form of authentication. This issue was fixed in version 1.1.24.
| Vendor | Product | Versions |
|---|---|---|
Eveo | URVE Smart Office | affected 0 - < 1.1.24 |
Weaknesses (CWE)
References
https://cert.pl/posts/2025/10/CVE-2025-10348
third-party-advisory
https://smartoffice.expert/
product
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now