Details
-
Bug
-
Resolution: Fixed
-
Major
-
1.0
-
N/A
-
N/A
-
Description
A stored XSS vulnerability is present on all file deposit mechanisms. In particular :
- the form for adding attachments to a document (dashboard, publications, etc.)
- the form used to change the profile picture.
An attacker can upload a file with .svg format with the following content :
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <svg onload="alert('XSS')" xmlns="http://www.w3.org/2000/svg"> </svg>
When this file is executed, by any user, the JavaScript code it contains will be executed in the victim's browser.
An application of this vulnerability has already been made public for a few years: https://www.exploit-db.com/exploits/49437
Note: all forms that allow you to upload a file to the server are vulnerable.
Attachments
Issue Links
- is duplicated by
-
XWIKI-19251 SVG attachment XSS vulnerability
- Closed
- is related to
-
XWIKI-9366 XSS via FileUpload
- Closed
- links to