Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-18368

XSS through SVG download

    XMLWordPrintable

Details

    • N/A
    • N/A

    Description

      A stored XSS vulnerability is present on all file deposit mechanisms. In particular :

      • the form for adding attachments to a document (dashboard, publications, etc.)
      • the form used to change the profile picture.

      An attacker can upload a file with .svg format with the following content :

      <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<svg onload="alert('XSS')" xmlns="http://www.w3.org/2000/svg">
</svg>

      When this file is executed, by any user, the JavaScript code it contains will be executed in the victim's browser.

      An application of this vulnerability has already been made public for a few years: https://www.exploit-db.com/exploits/49437

       

      Note: all forms that allow you to upload a file to the server are vulnerable.

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-19251 SVG attachment XSS vulnerability

          • Major - Major loss of function.
          • Closed
          is related to

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-9366 XSS via FileUpload

          • Major - Major loss of function.
          • Closed
          links to

          Web Link Github security advisory

          Activity

            People

              surli Simon Urli
              Ventresca Pierrick Vuillemin
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: