[MEDIUM] juzaweb CMS allows cross-site scripting by uploading an SVG file

PKSA-wym3-mj3y-byq2 CVE-2025-5420 GHSA-49rr-34j5-r8mw

Affected package: juzaweb/cms

Affected version: <=3.4.2

Reported by:
GitHub