Loading...

XML

Word

Printable

Details

Type: Security
Resolution: Duplicate
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: Web - Templates & Resources
Labels:

Difficulty:
Unknown
Similar issues:

Description

An attacker can convince a victim to upload an attachment with a malicious filename in order to trigger an XSS vulnerability.

Below is a detailed replication guide.

1. Login in the XWiki instance and go to the following path `/bin/view/Main/#Attachments` and click on the Browse button.
2. Upload a file with the following filename "><img src=x onerror='alert(1)'>.txt and it is going to trigger an XSS vulnerability

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

image-2024-01-08-13-13-55-687.png
155 kB
08/Jan/24 12:13
image-2024-01-08-13-17-59-614.png
100 kB
08/Jan/24 12:18
image-2024-01-08-13-19-14-017.png
142 kB
08/Jan/24 12:19

Issue Links

duplicates

XWIKI-19611 XSS through attachment filename in uploader

Closed

Activity

People

Assignee:: Michael Hamann

Reporter:: Georgios Roumeliotis

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 08/Jan/24 12:19

Updated:: 17/Jun/24 12:31

Resolved:: 08/Jan/24 17:11

Date of First Response:: 08/Jan/24 5:11 PM