CVE-2025-51489

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-51489

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-51489.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-51489

Aliases

GHSA-8xfq-7f6m-mpmf

Published

2025-08-19T15:15:28.753Z

Modified

2025-11-20T12:37:39.504451Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened.

References

Affected packages

Git / github.com/moonshine-software/moonshine

Affected ranges

Type: GIT
Repo: https://github.com/moonshine-software/moonshine
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7102fb113627870fb1cb7176e1d0d95bb47a7fd4

Affected versions

1.*

1.0.0

1.1.0

1.10.0

1.11.0

1.12.0

1.13.0

1.14.0

1.14.1

1.15.0

1.15.1

1.15.2

1.15.3

1.16.0

1.17.0

1.17.1

1.18.0

1.19.0

1.19.1

1.2.0

1.2.1

1.2.2

1.20.0

1.20.1

1.21.0

1.21.1

1.21.2

1.22.0

1.22.1

1.23.0

1.23.1

1.23.2

1.24.0

1.25.0

1.25.1

1.25.2

1.25.3

1.25.4

1.25.5

1.25.6

1.25.7

1.25.8

1.26.0

1.26.1

1.27.0

1.27.1

1.27.2

1.27.3

1.28.0

1.3.0

1.4.0

1.5.0

1.5.1

1.5.2

1.5.4

1.5.5

1.50.0

1.50.0-beta

1.50.0-rc1

1.50.0-rc2

1.50.0-rc3

1.50.0-rc4

1.50.1

1.50.2

1.50.3

1.50.4

1.51.0

1.51.1

1.51.2

1.51.3

1.52.0

1.52.1

1.52.2

1.52.3

1.52.4

1.52.5

1.53.0

1.53.1

1.53.2

1.53.3

1.54.0

1.55.0

1.55.1

1.55.2

1.56.0

1.56.0-rc1

1.56.0-rc2

1.57.0

1.57.1

1.57.2

1.57.3

1.57.4

1.58.0

1.58.0-rc1

1.58.0-rc2

1.58.1

1.58.2

1.59.0

1.59.0-rc1

1.59.1

1.59.2

1.59.3

1.59.4

1.6.0

1.6.1

1.6.2

1.60.0

1.60.1

1.60.2

1.60.3

1.60.4

1.60.5

1.61.0

1.61.1

1.7.0

1.7.1

1.7.2

1.7.3

1.7.4

1.8.0

1.8.1

1.9.0

1.9.1

1.9.2

1.9.3

1.9.4

2.*

2.0.0

2.0.0-alpha.1

2.0.0-alpha.2

2.0.0-alpha.3

2.0.0-beta.1

2.0.0-beta.2

2.0.0-rc.1

2.0.0-rc.2

2.0.0-rc.3

2.1.0

2.10.0

2.10.1

2.10.2

2.10.3

2.10.4

2.10.5

2.10.6

2.10.7

2.11.1

2.11.2

2.11.3

2.11.4

2.11.5

2.11.6

2.11.7

2.12.0

2.12.1

2.12.2

2.13.0

2.13.1

2.14.0

2.14.1

2.14.2

2.14.3

2.14.4

2.2.0

2.2.1

2.2.2

2.3.0

2.4.0

2.4.1

2.4.2

2.4.3

2.5.0

2.5.1

2.5.2

2.6.0

2.6.1

2.6.2

2.6.3

2.6.4

2.6.5

2.6.6

2.6.7

2.6.8

2.6.9

2.7.0

2.7.1

2.7.2

2.7.3

2.7.4

2.7.5

2.8.0

2.8.1

2.9.0

2.9.1

2.9.2

2.9.3

2.9.4

2.9.5

3.*

3.0.0

3.0.0-alpha

3.0.0-beta.1

3.0.0-beta.2

3.0.0-rc.1

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.1.0

3.1.1

3.1.2

3.1.3

3.1.4

3.10.0

3.10.1

3.10.2

3.10.3

3.11.0

3.11.0-rc1

3.12.0

3.12.1

3.12.2

3.12.3

3.12.4

3.2.0

3.2.1

3.2.2

3.2.3

3.3.0

3.3.1

3.3.2

3.3.3

3.3.4

3.3.5

3.3.6

3.3.7

3.4.0

3.4.1

3.4.2

3.4.3

3.4.4

3.4.6

3.4.7

3.4.8

3.5.0

3.5.0-rc

3.5.0-rc.2

3.5.1

3.5.2

3.6.0

3.6.1

3.6.2

3.6.3

3.7.0

3.7.1

3.7.2

3.7.3

3.7.4

3.7.5

3.7.6

3.7.7

3.8.0

3.8.1

3.8.10

3.8.11

3.8.2

3.8.3

3.8.4

3.8.5

3.8.6

3.8.7

3.8.8

3.8.9

3.9.0

3.9.1