CVE-2026-25133 | October LMS up to 3.7.13/4.1.9 SVG File Parser cross site scripting (GHSA-gcqv-f29m-67gr)

A vulnerability, which was classified as problematic, has been found in October LMS up to 3.7.13/4.1.9. This issue affects some unknown processing of the component SVG File Parser. Performing a manipulation results in cross site scripting.

This vulnerability was named CVE-2026-25133. The attack may be initiated remotely. There is no available exploit.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More