Version 3.14.1 is vulnerable to stored XSS or SSRF via file upload. #1508

Closed
r4vanan opened this issue Apr 14, 2023 · 1 comment
r4vanan commented Apr 14, 2023

Describe your problem

I found a cross-site scripting attack on the new content creation page http://localhost:800/admin/new-content.
It will execute the script in the user's context, allowing the attacker to access any cookies or session tokens retained by the browser.
Stored XSS, also known as persistent XSS, is more damaging than non-persistent XSS. It occurs when a malicious script is injected directly into a vulnerable web application.

Steps to reproduce the problem

  • Log in to the account.

  • Click on the new content, as in that image:
    new_content

  • Click on the images button:
    images_button

  • Select the payload SVG file, which is injected with an XSS payload or SSRF payload:
    payload
    image-upload_success

  • Insert and save the page.

  • Copy the image link and open it in a new tab:
    popup

@dignajar
Member

You need to have access to the admin panel to change configurations and store XSS. Feel free to provide a solution via PR. Thank you for reporting the issue.
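
An upload-side check for the SVG case reported in this issue, as an added example that is not part of the original thread and not the project's own code: it refuses SVG files that carry script elements, event-handler attributes, non-local references or a DTD. The function names, the strict allowlist policy and the sample inputs are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumed policy: elements that run script or embed foreign documents are refused.
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
LINK_ATTRS = {"href", "src"}  # covers xlink:href once the namespace is stripped

def local(name: str) -> str:
    """Drop an '{namespace}' prefix and lowercase the name."""
    return name.rsplit("}", 1)[-1].lower()

def svg_findings(data: bytes) -> list:
    """Return reasons to reject an uploaded SVG; an empty list means accept."""
    # UTF-16/32 input would hide markup from the byte-level check below.
    if b"\x00" in data:
        return ["NUL byte (only ASCII-compatible encodings accepted)"]
    # A DTD enables entity expansion and external entities: refuse before parsing.
    if re.search(rb"<!(DOCTYPE|ENTITY)", data, re.I):
        return ["DOCTYPE/ENTITY declaration"]
    try:
        root = ET.fromstring(data)
    except (ET.ParseError, ValueError, LookupError):
        return ["not well-formed XML"]
    findings = []
    if local(root.tag) != "svg":
        findings.append("root element is not <svg>")
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"<{tag}> element")
        for name, value in el.attrib.items():
            attr = local(name)
            compact = re.sub(r"[\s\x00-\x1f]+", "", value).lower()
            if attr.startswith("on"):
                findings.append(f"event handler {attr} on <{tag}>")
            elif attr in LINK_ATTRS and not compact.startswith("#"):
                findings.append(f"non-local {attr} on <{tag}>")
            elif "javascript:" in compact:
                findings.append(f"javascript: URL in {attr} on <{tag}>")
    return findings

NS = b'xmlns="http://www.w3.org/2000/svg"'
SAMPLES = {  # constructed inputs, not files from the report
    "benign": b'<svg ' + NS + b'><circle cx="5" cy="5" r="4"/></svg>',
    "script": b'<svg ' + NS + b'><script>alert(1)</script></svg>',
    "onload": b'<svg ' + NS + b' onload="alert(1)"/>',
    "remote": b'<svg ' + NS + b'><image href="http://internal.example/x"/></svg>',
    "doctype": b'<!DOCTYPE svg><svg ' + NS + b'/>',
}
```

Because an SVG opened directly at its URL is rendered as a document, serving uploads with `Content-Disposition: attachment` or a `Content-Security-Policy` that forbids scripts is a complementary control.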
