A vulnerability marked as problematic has been reported in QloApps QloApps and within SVG files uploaded up to 1.7.0 . This impacts an unknown function of the component SVG File Handler . The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-25558 . The attack can be initiated remotely. There is not any exploit available.