CVE-2026-25558 — QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG fi — CVE Database · The Intelligence Room