Veracode Vulnerability Database | VERACODE:35714
History: May 26, 2022 - 5:55 a.m.

Cross-Site Scripting (XSS)

2022-05-26 05:55:50
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
cross-site scripting
svg files
validation
attack
execution
fof upload

EPSS: 0.001
Percentile: 36.5%

fof/upload is vulnerable to cross-site scripting (XSS). The vulnerability exists in FoF Upload because uploaded SVG files are not properly validated, which allows an attacker to inject and execute arbitrary JavaScript.

Affected configurations

Vulners

Node | Range
- fof/upload | 1.2.2

Vendor | Product | Version | CPE
- | fof/upload | * | cpe:2.3:a:-:fof\/upload:*:*:*:*:*:*:*:*
