Lucene search
Veracode Vulnerability DatabaseVERACODE:36915HistorySep 02, 2022 - 11:36 a.m.
Cross-site Scripting (XSS)
2022-09-0211:36:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
0.001 Low
EPSS
Percentile
21.6%
francoisjacquet/rosariosis is vulnerable to cross-site scripting(XSS) attacks. The vulnerability exists because the FileExtensionWhiteList function in FileUpload.fnc.php does not restrict unsanitized SVG files from being injected, which allows an attacker to execute malicious javascript and steal user’s cookies.
| CPE | Name | Operator | Version |
|---|---|---|---|
| francoisjacquet/rosariosis | le | v8.9.2 | |
| francoisjacquet/rosariosis | le | v8.9.2 |
Related
huntr
huntr
Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis
2021-11-27 07:06:03
prion
prion
Cross site scripting
2022-09-01 08:15:00
cvelist
cvelist
nvd
nvd
CVE-2022-3072
2022-09-01 08:15:07
osv
osv
francoisjacquet/rosariosis vulnerable to Cross-Site Scripting (XSS)
2022-09-02 00:01:09
CVE-2022-3072
2022-09-01 08:15:07
github
github
francoisjacquet/rosariosis vulnerable to Cross-Site Scripting (XSS)
2022-09-02 00:01:09
cve
cve
CVE-2022-3072
2022-09-01 08:15:07