fof/upload is vulnerable to cross-site scripting. The vulnerability exists in FoF Upload because uploaded SVG files are not properly validated, which allows an attacker to inject and execute arbitrary JavaScript.
| Vendor | Product | Version | CPE |
|---|---|---|---|
| - | fof/upload | * | cpe:2.3:a:-:fof\/upload:*:*:*:*:*:*:*:* |
github.com/advisories/GHSA-fm53-mpmp-7qw2
github.com/FriendsOfFlarum/upload/commit/d1f0e4bae11ce12f4d1f6482b380e48f345a8dd3
github.com/FriendsOfFlarum/upload/issues/68
github.com/FriendsOfFlarum/upload/pull/318
github.com/FriendsOfFlarum/upload/releases/tag/1.2.3
github.com/FriendsOfFlarum/upload/security/advisories/GHSA-fm53-mpmp-7qw2