### [CVE-2017-9516](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9516)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file.

### POC

#### Reference
- https://packetstormsecurity.com/files/142851/Craft-CMS-2.6-Cross-Site-Scripting-File-Upload.html
- https://www.exploit-db.com/exploits/42143/

#### Github
No PoCs found on GitHub currently.