Romancode Mapsvg vulnerabilities
14 known vulnerabilities affecting romancode/mapsvg.
Total CVEs
14
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL4HIGH2MEDIUM8
Vulnerabilities
Page 1 of 1
CVE-2025-47558P2HIGHCVSS 7.5Exploited≤ 8.6.132025-05-23
CVE-2025-47558 [HIGH] CWE-862 CVE-2025-47558: Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Accessing Functionality Not Pr
Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MapSVG: from n/a through < 8.6.13.
nvd
CVE-2025-68562P2CRITICALCVSS 9.9≥ n/a, ≤ 8.7.32025-12-29
CVE-2025-68562 [CRITICAL] CWE-434 CVE-2025-68562: Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a We
Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through 8.7.3.
nvd
CVE-2025-47559P2CRITICALCVSS 9.9≤ 8.7.42025-06-17
CVE-2025-47559 [CRITICAL] CWE-434 CVE-2025-47559: Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG mapsvg allows Uplo
Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG mapsvg allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through < 8.7.4.
nvd
CVE-2025-32682P2CRITICALCVSS 9.9≤ 8.6.42025-04-17
CVE-2025-32682 [CRITICAL] CWE-434 CVE-2025-32682: Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG mapsvg-lite-intera
Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through <= 8.6.4.
nvd
CVE-2025-54669P2CRITICALCVSS 9.3≤ 8.7.42025-08-14
CVE-2025-54669 [CRITICAL] CWE-89 CVE-2025-54669: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RomanCode MapSVG mapsvg allows SQL Injection.This issue affects MapSVG: from n/a through < 8.7.4.
nvd
CVE-2025-47561P3HIGHCVSS 8.8≤ 8.6.132025-06-09
CVE-2025-47561 [HIGH] CWE-266 CVE-2025-47561: Incorrect Privilege Assignment vulnerability in RomanCode MapSVG mapsvg allows Privilege Escalation.
Incorrect Privilege Assignment vulnerability in RomanCode MapSVG mapsvg allows Privilege Escalation.This issue affects MapSVG: from n/a through < 8.6.13.
nvd
CVE-2025-54748P3MEDIUMCVSS 6.5≤ 8.6.122025-12-18
CVE-2025-54748 [MEDIUM] CWE-22 CVE-2025-54748: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Roma
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RomanCode MapSVG mapsvg allows Path Traversal.This issue affects MapSVG: from n/a through < 8.6.12.
nvd
CVE-2025-47562P4MEDIUMCVSS 5.3≤ 8.5.342025-05-16
CVE-2025-47562 [MEDIUM] CWE-94 CVE-2025-47562: Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG mapsvg a
Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG mapsvg allows Code Injection.This issue affects MapSVG: from n/a through <= 8.5.34.
nvd
CVE-2025-48120P4MEDIUMCVSS 5.3≤ 8.6.92025-05-16
CVE-2025-48120 [MEDIUM] CWE-94 CVE-2025-48120: Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG mapsvg-l
Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Code Injection.This issue affects MapSVG: from n/a through <= 8.6.9.
nvd
CVE-2025-47557P4MEDIUMCVSS 6.5≤ 8.5.312025-05-16
CVE-2025-47557 [MEDIUM] CWE-79 CVE-2025-47557: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG mapsvg allows Stored XSS.This issue affects MapSVG: from n/a through <= 8.5.31.
nvd
CVE-2025-62930P4MEDIUMCVSS 6.5≤ 8.7.222025-10-27
CVE-2025-62930 [MEDIUM] CWE-79 CVE-2025-62930: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows DOM-Based XSS.This issue affects MapSVG: from n/a through <= 8.7.22.
nvd
CVE-2025-32684P4MEDIUMCVSS 5.0≤ 8.6.42025-04-09
CVE-2025-32684 [MEDIUM] CWE-862 CVE-2025-32684: Missing Authorization vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows E
Missing Authorization vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MapSVG: from n/a through <= 8.6.4.
nvd
CVE-2025-47560P4MEDIUMCVSS 5.0≤ 8.6.132025-05-16
CVE-2025-47560 [MEDIUM] CWE-862 CVE-2025-47560: Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Exploiting Incorrectly Configu
Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MapSVG: from n/a through < 8.6.13.
nvd
CVE-2025-32683P4MEDIUMCVSS 6.5≤ 8.6.62025-04-09
CVE-2025-32683 [MEDIUM] CWE-79 CVE-2025-32683: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows DOM-Based XSS.This issue affects MapSVG: from n/a through <= 8.6.6.
nvd