Description

eLabFTW is an open source electronic lab notebook for research labs. The application served uploaded SVG files inline. Because SVG supports active content, an attacker could upload a crafted SVG that executes script when viewed, resulting in stored XSS under the application origin. A victim who opens the SVG URL or any page embedding it could have their session hijacked, data exfiltrated, or actions performed on their behalf. This vulnerability is fixed n 5.3.0.

INFO

Published Date :

2025-10-27T21:25:45.642Z

Last Modified :

2025-10-28T15:05:40.686Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-62793 vulnerability.

Vendors Products
Elabftw
  • Elabftw
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-62793.

URL Resource
https://github.com/elabftw/elabftw/commit/09b95e38f82f041edac0dd6962c70499e2d8d8e2 cve-icon cve-icon
https://github.com/elabftw/elabftw/security/advisories/GHSA-rq98-8jh9-684f cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact