CVE-2022-30110

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-30110

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-30110.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-30110

Aliases

GHSA-j2xf-p274-g8cc

Published

2022-05-17T13:14:17Z

Modified

2026-05-15T11:54:23.486911933Z

Summary

[none]

Details

The file preview functionality in Jirafeau < 4.4.0, which is enabled by default, could be exploited for cross site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone visits the File Preview URL for this file, the JavaScript inside of this image/svg+xml file will be executed in the users' browser.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/30xxx/CVE-2022-30110.json",
    "cna_assigner": "mitre"
}

References

https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/30xxx/CVE-2022-30110.json
https://nvd.nist.gov/vuln/detail/CVE-2022-30110
https://gitlab.com/mojo42/Jirafeau/-/merge_requests/103

CVE-2022-30110

Affected packages