In XoopsMediaUploader, there is an option, $allowUnknownTypes,
that could allow a malicious mime-type supplied in an HTTP
request to be returned directly to the caller. Without further
processing by the caller, a carefully crafted mime-type could
be used to facilitate other malicious actions.
This change checks the structure of the mime-type, and will
always reject any upload attempted with a non-conforming
content-type specified (i.e. containing script code.)
Fixes XOOPS#524
There is a stored XSS in imagemanager.php.
Here is the critical code:

After the file is uploaded, some information about the file will be written to the database.

image_mimetype, with the value from $uploader->getMediaType(), will be written.
$uploader->getMediaType() ultimately comes from the type of the uploaded file, which is generated on the browser side, so this will cause a stored XSS.
Credit: ADLab of Venustech
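
The following is an added example, not code from XOOPS or from the commit quoted above: one way to check the structure of a browser-supplied MIME type before it is stored in image_mimetype, and to escape it when it is displayed. The function names, the allow-list, the RFC 6838-style pattern and the use of the fileinfo extension are assumptions made for illustration.

```php
<?php
// Added example: helper names are hypothetical, not XOOPS APIs.

// Accept only "type/subtype" made of RFC 6838 restricted-name characters,
// so markup characters (<, >, quotes, spaces) can never pass.
function isWellFormedMimeType(string $type): bool
{
    $name = '[A-Za-z0-9][A-Za-z0-9!#$&^_.+-]{0,126}';
    return preg_match('~\A' . $name . '/' . $name . '\z~', $type) === 1;
}

// Return the value safe to store in image_mimetype, or null to reject the upload.
// The browser-declared type must be well formed, allow-listed, and agree with
// what the server detects from the file contents (needs the fileinfo extension).
function mimeTypeToStore(string $declared, string $tmpPath, array $allowed): ?string
{
    $declared = strtolower($declared);
    if (!isWellFormedMimeType($declared) || !in_array($declared, $allowed, true)) {
        return null;
    }
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    return $detected === $declared ? $declared : null;
}

// Escape on output as well, so rows stored before the fix cannot inject markup.
function renderMimeType(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
}

// Constructed sample upload: a minimal GIF header written to a temp file.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");
$allowed = ['image/gif', 'image/jpeg', 'image/png'];

// Constructed Content-Type values as a browser or a hand-built request could send them.
$declaredTypes = ['image/gif', 'image/png', 'image/gif"><i>x</i>'];
foreach ($declaredTypes as $declared) {
    $stored = mimeTypeToStore($declared, $tmp, $allowed);
    printf("%-40s => %s\n", renderMimeType($declared), $stored === null ? 'rejected' : "stored as $stored");
}
unlink($tmp);
```

Validation at upload time stops new bad values from being stored; the output escaping covers values that reached the database before the check existed.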