CVE-2025-56514: Fiora chat user avatar is vulnerable to XSS via SVG files
(updated )
Cross Site Scripting (XSS) vulnerability in Fiora chat application 1.0.0 allows arbitrary JavaScript execution when malicious SVG files are rendered by other users.
References
Code Behaviors & Features
Detect and mitigate CVE-2025-56514 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →