XWiki Platform
XWIKI-18368

XSS through SVG download



    Description

      A stored XSS vulnerability is present in all file upload mechanisms. In particular:

      • the form for adding attachments to a document (dashboard, publications, etc.)
      • the form used to change the profile picture.

      An attacker can upload a file with the .svg extension and the following content:

      <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
      <svg onload="alert('XSS')" xmlns="http://www.w3.org/2000/svg">
      </svg>

      When any user opens the file (for example by following the attachment's download link), the browser renders the SVG as a document and runs the JavaScript it contains in the victim's browser. The script runs only when the SVG is loaded as a document (navigated to directly, or embedded via <iframe> or <object>); an SVG referenced from an <img> tag does not execute script, so the problem is that uploaded SVGs are served inline from the wiki's origin.

      An exploit using this technique has been public for several years: https://www.exploit-db.com/exploits/49437

      Note: every form that allows uploading a file to the server is affected.
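      The two controls a practitioner would want against the vector in this report, as an added example that is not XWiki's own code: an upload-time scan that flags the scripting hooks SVG offers (event-handler attributes such as the onload in the payload above, <script> and <foreignObject> elements, javascript: URLs in href attributes, and a DOCTYPE that could carry entity-expansion attacks on the parser), and the response headers that make a stored SVG harmless even when the scan is bypassed, by forcing a download instead of rendering it and sandboxing anything that is still rendered. The function names, header set and sample files are assumptions made for the example; REPORT_PAYLOAD is the file from the report, the other samples are constructed.

```python
"""Upload-time SVG scan and safe download headers (added example, not XWiki code)."""
from __future__ import annotations

import re
import xml.etree.ElementTree as ET

# Elements that make an SVG an active document when a browser navigates to it
# (they are inert inside <img>, but an attachment link navigates to the file).
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object", "handler"}
# URL schemes that execute code or smuggle a document instead of pointing at a resource.
ACTIVE_SCHEMES = {"javascript", "vbscript", "data"}
# MIME types a browser renders as a scriptable document rather than a passive image.
ACTIVE_TYPES = {"image/svg+xml", "text/html", "application/xhtml+xml", "text/xml", "application/xml"}

# Constructed samples. REPORT_PAYLOAD is the file from the report above.
REPORT_PAYLOAD = b"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<svg onload="alert('XSS')" xmlns="http://www.w3.org/2000/svg">
</svg>
"""
BENIGN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
              b'<circle cx="5" cy="5" r="4" fill="red"/></svg>')
SCRIPT_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>'
# A javascript: link with a character reference splitting the scheme; browsers still honour it.
LINK_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
            b'<a xlink:href="jav&#x0A;ascript:alert(1)"><text y="10">click</text></a></svg>')


def _local(name: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on tag and attribute names."""
    return name.rsplit("}", 1)[-1]


def _scheme(url: str) -> str:
    """Return the URL scheme the way a browser sees it: whitespace and control
    characters before and inside the scheme are ignored, and case does not matter."""
    cleaned = re.sub(r"[\s\x00-\x1f]", "", url).lower()
    return cleaned.split(":", 1)[0] if ":" in cleaned else ""


def svg_findings(data: bytes) -> list[str]:
    """Reasons an uploaded SVG must not be served inline; an empty list means none found."""
    # A DTD is never needed for an image and is the entry point for entity-expansion
    # attacks on the parser itself, so refuse it before parsing. Use defusedxml in production.
    if re.search(rb"<!DOCTYPE", data, re.IGNORECASE):
        return ["DOCTYPE declaration present"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for el in root.iter():
        if not isinstance(el.tag, str):  # comments / processing instructions, if any
            continue
        tag = _local(el.tag)
        if tag.lower() in ACTIVE_ELEMENTS:
            findings.append(f"active element <{tag}>")
        for name, value in el.attrib.items():
            attr = _local(name)
            if attr.lower().startswith("on"):
                findings.append(f"event handler attribute '{attr}' on <{tag}>")
            elif attr.lower() == "href" and _scheme(value) in ACTIVE_SCHEMES:
                findings.append(f"{_scheme(value)}: URL in '{attr}' on <{tag}>")
    return findings


def attachment_headers(filename: str, content_type: str) -> dict[str, str]:
    """Response headers for an untrusted upload: force a download for types a browser
    would render as a document, stop MIME sniffing, and sandbox whatever is rendered."""
    mime = content_type.split(";", 1)[0].strip().lower()
    disposition = "attachment" if mime in ACTIVE_TYPES else "inline"
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename) or "download"
    return {
        "Content-Type": content_type,
        "Content-Disposition": f'{disposition}; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",
        # Even if a file does get rendered, deny script and give it a unique origin.
        "Content-Security-Policy": "sandbox; script-src 'none'",
    }


if __name__ == "__main__":
    samples = [("report payload", REPORT_PAYLOAD), ("benign", BENIGN_SVG),
               ("script element", SCRIPT_SVG), ("javascript: link", LINK_SVG)]
    for label, sample in samples:
        print(f"{label}: {svg_findings(sample) or 'no findings'}")
    print(attachment_headers("avatar.svg", "image/svg+xml"))
```

      The scan is defence in depth only; the header change is what closes the reported issue, because a browser that receives `Content-Disposition: attachment` saves the SVG instead of navigating to it, and the `sandbox` policy strips script from any SVG that is still rendered. The scan also shows why a blocklist of attribute names alone is not enough: the javascript: sample only passes a naive check because the scheme is split by a character reference that the XML parser decodes before the browser sees it.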

      People

        surli Simon Urli
        Ventresca Pierrick Vuillemin
