XSS in Mycomplianceoffice Mco

CVE-2026-53907

MCO is vulnerable to Stored Cross‑Site Scripting (XSS) via the application logo upload functionality. An attacker with the ability to change the application logo can upload a crafted SVG file containing malicious JavaScript code that is ex…

Vulnerability class: XSS (Cross-Site Scripting)

Affected products

Weakness classification (CWE)

References