Lucene search
Veracode Vulnerability DatabaseVERACODE:35714HistoryMay 26, 2022 - 5:55 a.m.
Cross-Site Scripting (XSS)
2022-05-2605:55:50
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.001 Low
EPSS
Percentile
36.5%
fof/upload is vulnerable to cross-site scripting. The vulnerability exists in FoF Upload because the uploaded SVG files are not properly validated which allows an attacker to inject and execute arbitrary javascript.
| CPE | Name | Operator | Version |
|---|---|---|---|
| fof/upload | le | 1.2.2 | |
| fof/upload | le | 1.2.2 |
References
github.com/advisories/GHSA-fm53-mpmp-7qw2
github.com/FriendsOfFlarum/upload/commit/d1f0e4bae11ce12f4d1f6482b380e48f345a8dd3
github.com/FriendsOfFlarum/upload/issues/68
github.com/FriendsOfFlarum/upload/pull/318
github.com/FriendsOfFlarum/upload/releases/tag/1.2.3
github.com/FriendsOfFlarum/upload/security/advisories/GHSA-fm53-mpmp-7qw2
Related
cvelist
cvelist
cve
cve
CVE-2022-30999
2022-06-02 14:15:56
prion
prion
Code injection
2022-06-02 14:15:00
osv
osv
Possible cross-site scripting attack via unsanitized SVG files in FoF Upload
2022-05-25 22:55:25
CVE-2022-30999
2022-06-02 14:15:56
nvd
nvd
CVE-2022-30999
2022-06-02 14:15:56
github
github
Possible cross-site scripting attack via unsanitized SVG files in FoF Upload
2022-05-25 22:55:25