Stored XSS in file content #2338
Comments
What would be a mitigation for this?

I'm afraid I cannot give you an easy solution for this, but there are some workarounds

There is a nice article about protecting from XSS in SVG files - https://digi.ninja/blog/svg_xss.php

Fixed it with a CSP header. I'll push the result later tonight.

Confirm, bug is not reproducible anymore
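
The CSP mitigation mentioned in the comments above, sketched as an added example. This is not Firefly III's actual patch or code; the function name, the policy string and the inline allow-list are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not Firefly III's code. All names below are hypothetical.

// Raster types that are shown inline; everything else is forced to download.
const INLINE_SAFE_TYPES = ['image/png', 'image/jpeg', 'image/gif'];

/**
 * Build response headers for serving a user-uploaded attachment.
 *
 * @return array<string, string> header name => header value
 */
function attachmentHeaders(string $filename, string $storedMime): array
{
    // Keep only characters that cannot break out of the quoted filename parameter.
    $safeName = (string) preg_replace('/[^A-Za-z0-9._-]/', '_', basename($filename));

    $inline = in_array($storedMime, INLINE_SAFE_TYPES, true);

    return [
        // default-src 'none' leaves the served document no allowed script source,
        // so inline <script> and event handlers in an SVG are blocked.
        // "sandbox" (without allow-scripts) also disables scripting and gives
        // the document an opaque origin, away from the application's cookies.
        'Content-Security-Policy' => "default-src 'none'; sandbox",
        // Stop the browser from sniffing a different, scriptable content type.
        'X-Content-Type-Options' => 'nosniff',
        // SVG, HTML, XML and unknown types are never rendered as a document.
        'Content-Type' => $inline ? $storedMime : 'application/octet-stream',
        'Content-Disposition' => sprintf(
            '%s; filename="%s"',
            $inline ? 'inline' : 'attachment',
            $safeName
        ),
    ];
}

// Constructed sample uploads: the SVG from the report and a harmless PNG.
$samples = [['svgfile.svg', 'image/svg+xml'], ['receipt.png', 'image/png']];
foreach ($samples as [$name, $mime]) {
    echo "== $name ($mime)\n";
    foreach (attachmentHeaders($name, $mime) as $header => $value) {
        echo "$header: $value\n";
    }
}
```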
Description
The current version of Firefly III (4.7.17.2) is vulnerable to stored XSS due to a lack of filtering of user-supplied data in file content. A malicious attacker can upload a specially crafted image that contains JavaScript code. The malicious JavaScript code will be executed when a user views this attachment (http://firefly.host/attachments/view/$file_id$).
Steps to reproduce
PoC image

Image for testing
svgfile.zip
Content of svgfile.svg