CVE-2025-10909

Summary

A security flaw has been discovered in Mangati NovoSGA up to 2.2.9. The impacted element is an unknown function of the file /admin of the component SVG File Handler. Performing manipulation of the argument logoNavbar/logoLogin results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.

Affected Software

VendorProductVersion RangeStatus
MangatiNovoSGA2.2.0affected
MangatiNovoSGA2.2.1affected
MangatiNovoSGA2.2.2affected
MangatiNovoSGA2.2.3affected
MangatiNovoSGA2.2.4affected
MangatiNovoSGA2.2.5affected
MangatiNovoSGA2.2.6affected
MangatiNovoSGA2.2.7affected
MangatiNovoSGA2.2.8affected
MangatiNovoSGA2.2.9affected

Weaknesses

  • CWE-79: Cross Site Scripting
  • CWE-94: Code Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References