CVE-2025-56514: Fiora chat user avatar is vulnerable to XSS via SVG files
Cross Site Scripting (XSS) vulnerability in Fiora chat application 1.0.0 allows arbitrary JavaScript execution when malicious SVG files are rendered by other users.
References
Code Behaviors & Features
Detect and mitigate CVE-2025-56514 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →