Skip to content

Stored XSS via filename parameter in '/api/storage/upload/PostImage' #316

Closed
@tuando243

Description

Describe the bug
Stored XSS exists in Blogifier 3.0 via filename parameter in '/api/storage/upload/PostImage'.

Steps to reproduce

  1. Login as admin.
  2. Click on 'New post'.
  3. Click on 'Insert Image' and insert the following payload <img src=1 onerror=alert(1)> in filename field.
  4. Click on Save, Publish and View the post.

1

2

3

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions