XWiki Platform: XWIKI-18368

XSS through SVG download

    Details

    • Documentation:
      N/A
    • Documentation in Release Notes:
      N/A
      Description

      A stored XSS vulnerability is present in all file upload mechanisms. In particular:

      • the form for adding attachments to a document (dashboard, publications, etc.)
      • the form used to change the profile picture.

      An attacker can upload a file in .svg format with the following content:

      <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
      <svg onload="alert('XSS')" xmlns="http://www.w3.org/2000/svg">
      </svg>

      When this file is executed by any user, the JavaScript code it contains will be executed in the victim's browser.

      An example of this vulnerability has been publicly available for a few years: https://www.exploit-db.com/exploits/49437


      Note: all forms that allow you to upload a file to the server are vulnerable.
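As an added example (not part of this report and not XWiki's own code), the following Python screens an uploaded SVG for the kind of active content described above (event-handler attributes such as onload on the root element, script and foreignObject elements, javascript: hrefs) and builds the response headers for serving user-supplied SVGs as a download rather than inline in the site's origin. The function names, the "reject / download" policy and the header set are assumptions; the sample inputs are constructed, the first one being the proof of concept quoted in the report.

```python
"""Screen uploaded SVG files for active content and serve them as downloads.

Added example, not XWiki code. Assumes the upload handler already has the
raw bytes and the original filename; all function names are hypothetical.
"""
import re
import xml.etree.ElementTree as ET

# Elements that execute script or embed arbitrary HTML when an SVG is rendered inline.
ACTIVE_ELEMENTS = {"script", "foreignObject"}

# href / xlink:href values whose scheme runs script when followed.
SCRIPT_URL = re.compile(r"^\s*(javascript|vbscript)\s*:", re.IGNORECASE)


def _local_name(qualified: str) -> str:
    """ElementTree writes namespaced names as '{uri}name'; keep only 'name'."""
    return qualified.rsplit("}", 1)[-1]


def svg_findings(data: bytes) -> list:
    """Return reasons an SVG must not be rendered inline; an empty list means none found.

    xml.etree does not fetch external entities, but production code should parse
    untrusted XML with defusedxml to also stop entity-expansion bombs.
    """
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return ["malformed XML: %s" % exc]

    findings = []
    for elem in root.iter():  # iter() includes the root <svg> element itself
        name = _local_name(elem.tag)
        if name in ACTIVE_ELEMENTS:
            findings.append("<%s> element" % name)
        for attr, value in elem.attrib.items():
            attr_name = _local_name(attr)
            if attr_name.lower().startswith("on"):
                # Event handlers such as onload= on <svg>: the stored-XSS vector in the report.
                findings.append("event handler %s on <%s>" % (attr_name, name))
            elif attr_name == "href" and SCRIPT_URL.match(value):
                findings.append("script URL in href on <%s>" % name)
    return findings


def upload_decision(filename: str, data: bytes) -> str:
    """'reject' SVGs with active content, 'download' every other SVG, 'other' for non-SVG files.

    Even a clean-looking SVG is served as a download (Content-Disposition: attachment)
    so that anything the screen misses never runs in the wiki's origin.
    """
    if not filename.lower().endswith(".svg"):
        return "other"  # other file types are outside this check
    return "reject" if svg_findings(data) else "download"


def download_headers(filename: str) -> dict:
    """Response headers for serving a user-uploaded SVG as a download, never inline."""
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename)  # keep the header injection-free
    return {
        "Content-Type": "image/svg+xml",
        "Content-Disposition": 'attachment; filename="%s"' % safe_name,
        # Stop browsers from sniffing the body into some other type.
        "X-Content-Type-Options": "nosniff",
        # If a client renders it anyway: no script, no network, no same-origin access.
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


# Constructed sample inputs: the report's proof of concept and a harmless icon.
POC_SVG = (b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\n'
           b'<svg onload="alert(\'XSS\')" xmlns="http://www.w3.org/2000/svg">\n</svg>')
CLEAN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
             b'<circle cx="5" cy="5" r="4" fill="#08c"/></svg>')

if __name__ == "__main__":
    for label, blob in (("poc", POC_SVG), ("clean", CLEAN_SVG)):
        print(label, upload_decision(label + ".svg", blob), svg_findings(blob))
    print(download_headers("profile picture.svg"))
```

Running the file prints the decision for both samples. The screen is a blocklist and will not catch every vector (CSS-driven or animated attribute changes, for instance), so the download disposition plus the sandboxing CSP is the control that matters; the screen only keeps obviously active files out of the attachment store.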

              People

              Assignee: Simon Urli (surli)
              Reporter: Pierrick Vuillemin (Ventresca)
              Votes: 0
              Watchers: 4