CVE-2022-30999

8.7 HIGH

📋 TL;DR

This vulnerability allows attackers to execute arbitrary JavaScript code by uploading malicious SVG files to the FoF Upload extension for Flarum forums. Authenticated users can exploit this to leak or modify data through cross-site scripting attacks. All Flarum installations using FoF Upload versions before 1.2.3 with SVG uploads enabled are affected.

💻 Affected Systems

Products:
  • FriendsOfFlarum Upload extension for Flarum
Versions: All versions prior to 1.2.3
Operating Systems: All
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if SVG file uploads ('image/svg+xml') are enabled in the extension configuration

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of forum data including user credentials, private messages, and administrative access through JavaScript execution in victim browsers.

🟠 Likely Case

Data exfiltration from authenticated users' sessions, potential account takeover, and unauthorized data modification.

🟢 If Mitigated

Limited impact with proper input validation and SVG sanitization in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated user access and SVG upload capability

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2.3

Vendor Advisory: https://github.com/FriendsOfFlarum/upload/security/advisories/GHSA-fm53-mpmp-7qw2

Restart Required: No

Instructions:

1. Update the FoF Upload extension to version 1.2.3 or later via the Flarum admin panel or Composer.
2. Verify SVG sanitization is enabled in the extension settings.

🔧 Temporary Workarounds

Disable SVG uploads (applies to: all versions)

Remove the SVG file type from the allowed upload formats in the FoF Upload configuration

🧯 If You Can't Patch

  • Implement web application firewall rules to block SVG file uploads
  • Add Content Security Policy headers to restrict script execution from uploaded files

🔍 How to Verify

Check if Vulnerable:

Check the FoF Upload extension version in the Flarum admin panel or composer.json. If the version is < 1.2.3 and SVG uploads are enabled, the system is vulnerable.

Check Version:

composer show fof/upload --format=json | grep version

Verify Fix Applied:

Verify extension version is 1.2.3 or higher and test SVG upload functionality with embedded scripts to confirm sanitization.
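The verification step above says to confirm that uploaded SVGs are sanitized, and the workaround section recommends disabling SVG uploads or restricting script execution. The following Python is an added example, not code from the FoF Upload extension or this advisory: it scans an SVG for script-capable constructs (script and foreignObject elements, on* event-handler attributes, href values with a script scheme) and strips them, which is the kind of check an operator can run over an existing upload directory or wire in front of storage. The function names, deny-lists and sample SVG are this example's own assumptions; it uses the stdlib ElementTree parser, which does not fetch external entities but also does not defend against entity-expansion bombs, so a production version should parse with defusedxml instead.

```python
"""Added example (not the extension's own code): scan an uploaded SVG for
script-capable content and strip it before the file is stored or served.

Assumptions: function names, deny-lists and the sample SVG are constructed
for this example; parse with defusedxml in production (entity-expansion
bombs are not handled by stdlib ElementTree).
"""
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"

# Elements that can execute script or embed foreign (HTML) markup, plus the
# animation elements that can rewrite an href to a script URL at runtime.
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "object", "embed",
                   "animate", "set"}


def local_name(qname: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return qname.rsplit("}", 1)[-1]


def is_dangerous_url(value: str) -> bool:
    """True for script-bearing URL schemes. Whitespace and control characters
    are dropped first because they are sometimes inserted to disguise the scheme."""
    compact = "".join(ch for ch in value if not ch.isspace() and ord(ch) > 31)
    return compact.lower().startswith(("javascript:", "vbscript:", "data:"))


def offending_attributes(elem) -> list:
    """Attribute keys on elem that are event handlers or script URLs."""
    found = []
    for attr, value in elem.attrib.items():
        name = local_name(attr)
        if name.lower().startswith("on") or (name == "href" and is_dangerous_url(value)):
            found.append(attr)
    return found


def find_active_content(svg: bytes) -> list:
    """Return human-readable findings for every script-capable construct in svg."""
    root = ET.fromstring(svg)
    findings = []
    for elem in root.iter():
        tag = local_name(elem.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"element <{tag}>")
        for attr in offending_attributes(elem):
            findings.append(f"attribute {local_name(attr)} on <{tag}>")
    return findings


def sanitize_svg(svg: bytes) -> bytes:
    """Return svg with active elements removed and event/script attributes dropped.

    Rejects input whose root is not <svg>, so a renamed HTML document cannot
    pass as an image."""
    root = ET.fromstring(svg)
    if local_name(root.tag) != "svg":
        raise ValueError("root element is not <svg>")
    # Remove offending elements; iterate over a snapshot because the tree is mutated.
    for parent in list(root.iter()):
        for child in list(parent):
            if local_name(child.tag) in ACTIVE_ELEMENTS:
                parent.remove(child)
    # Drop offending attributes from whatever remains.
    for elem in root.iter():
        for attr in offending_attributes(elem):
            del elem.attrib[attr]
    # Serialize with the SVG namespace as the default so tags stay unprefixed.
    ET.register_namespace("", SVG_NS)
    return ET.tostring(root, encoding="utf-8")


# Constructed sample: a valid image carrying four inert stand-ins for injected content.
SAMPLE_SVG = b"""<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
     width="100" height="100" onload="void 0">
  <rect width="100" height="100" fill="blue"/>
  <script>/* constructed, inert placeholder */</script>
  <a xlink:href="javascript:void(0)"><text x="10" y="50">link</text></a>
  <foreignObject><div xmlns="http://www.w3.org/1999/xhtml">html</div></foreignObject>
</svg>"""

if __name__ == "__main__":
    for finding in find_active_content(SAMPLE_SVG):
        print("found:", finding)
    cleaned = sanitize_svg(SAMPLE_SVG)
    print("after sanitizing:", find_active_content(cleaned) or "nothing active")
    print(cleaned.decode())
```

Running `find_active_content` over the sample reports the onload handler, the script element, the script-scheme href and the foreignObject; after `sanitize_svg` the rect and text survive and a second scan reports nothing. A non-empty result from `find_active_content` on files already in the upload directory is a practical signal that uploads were accepted while the vulnerable version was installed.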

📡 Detection & Monitoring

Log Indicators:

  • Unusual SVG file uploads
  • Multiple failed SVG upload attempts
  • Requests to uploaded SVG files with suspicious parameters

Network Indicators:

  • Outbound connections from forum to external domains following SVG file access
  • Unusual POST requests containing SVG content

SIEM Query:

source="web_logs" AND (uri="*.svg" OR mime_type="image/svg+xml") AND status=200
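As an added example that is not part of this advisory, the following Python applies the log indicators and the SIEM query above to a constructed batch of web-server events: it reproduces the query (successful requests for SVG content), counts rejected SVG uploads per client to catch repeated failed attempts, and lists SVG requests that carry a query string. The JSON-lines field names, the upload path `/api/fof/upload` and the sample events are assumptions made for this example; map them to your own log source.

```python
"""Added example (not from the advisory): apply the log indicators above to a
batch of web-server events.

Assumptions: the JSON-lines event shape (ts, client, user, method, uri, status,
mime_type), the upload path and every sample event below are constructed.
"""
import json
from collections import Counter

UPLOAD_PATH = "/api/fof/upload"   # assumed upload endpoint, not from the advisory


def load_events(text: str) -> list:
    """Parse one JSON object per line; blank lines are skipped."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_svg(event: dict) -> bool:
    """Match on the path extension (query string removed) or the recorded MIME type."""
    path = event["uri"].split("?", 1)[0]
    return path.lower().endswith(".svg") or event.get("mime_type") == "image/svg+xml"


def served_svg(events: list) -> list:
    """Equivalent of the SIEM query: successful requests for SVG content."""
    return [e for e in events if is_svg(e) and e["status"] == 200]


def svg_uploads(events: list) -> list:
    """POSTs to the upload endpoint carrying SVG content, successful or not."""
    return [e for e in events
            if e["method"] == "POST" and e["uri"] == UPLOAD_PATH and is_svg(e)]


def failed_upload_bursts(events: list, threshold: int = 3) -> dict:
    """Clients with at least `threshold` rejected (4xx) SVG uploads."""
    failures = Counter(e["client"] for e in svg_uploads(events)
                       if 400 <= e["status"] < 500)
    return {client: n for client, n in failures.items() if n >= threshold}


def svg_requests_with_query(events: list) -> list:
    """Served SVG files requested with parameters, which static images rarely need."""
    return [e for e in served_svg(events) if "?" in e["uri"]]


# Constructed sample log: one client retrying rejected SVG uploads, another
# fetching an uploaded SVG with and without parameters.
SAMPLE_LOG = """
{"ts": "2022-06-01T10:00:01Z", "client": "203.0.113.5", "user": "alice", "method": "POST", "uri": "/api/fof/upload", "status": 201, "mime_type": "image/svg+xml"}
{"ts": "2022-06-01T10:00:02Z", "client": "203.0.113.5", "user": "alice", "method": "POST", "uri": "/api/fof/upload", "status": 422, "mime_type": "image/svg+xml"}
{"ts": "2022-06-01T10:00:03Z", "client": "203.0.113.5", "user": "alice", "method": "POST", "uri": "/api/fof/upload", "status": 422, "mime_type": "image/svg+xml"}
{"ts": "2022-06-01T10:00:04Z", "client": "203.0.113.5", "user": "alice", "method": "POST", "uri": "/api/fof/upload", "status": 422, "mime_type": "image/svg+xml"}
{"ts": "2022-06-01T10:00:05Z", "client": "203.0.113.5", "user": "alice", "method": "POST", "uri": "/api/fof/upload", "status": 201, "mime_type": "image/png"}
{"ts": "2022-06-01T10:05:00Z", "client": "198.51.100.7", "user": "bob", "method": "GET", "uri": "/assets/files/logo.svg", "status": 200, "mime_type": "image/svg+xml"}
{"ts": "2022-06-01T10:05:01Z", "client": "198.51.100.7", "user": "bob", "method": "GET", "uri": "/assets/files/logo.svg?ref=dm", "status": 200, "mime_type": "image/svg+xml"}
{"ts": "2022-06-01T10:05:02Z", "client": "198.51.100.7", "user": "bob", "method": "GET", "uri": "/assets/files/photo.png", "status": 200, "mime_type": "image/png"}
{"ts": "2022-06-01T10:06:00Z", "client": "198.51.100.8", "user": "-", "method": "GET", "uri": "/assets/files/old.svg", "status": 404, "mime_type": "text/html"}
"""


def summarize(events: list) -> dict:
    """Counts for each indicator, in the shape a dashboard or alert rule would consume."""
    return {
        "svg_served": len(served_svg(events)),
        "svg_uploads": len(svg_uploads(events)),
        "failed_upload_bursts": failed_upload_bursts(events),
        "svg_with_query": [e["uri"] for e in svg_requests_with_query(events)],
    }


if __name__ == "__main__":
    print(json.dumps(summarize(load_events(SAMPLE_LOG)), indent=2))
```

On the sample, the SIEM-query equivalent returns the two successful SVG fetches, the burst check flags the client with three rejected SVG uploads, and the parameter check singles out the one SVG requested with a query string. Thresholds and the upload path are the values to tune for a real deployment.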
