Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Monstra 3.0.4 has Stored XSS via Uploading html file that has no extension. #459
Brief of this vulnerability
Reason of This Vulnerability
This filtering logic checks that extension of upload file is in their blacklist($forbidden_type variable), but it is not check that extension do not exist in their logic.
Following this logic, No extension file saved with appending '.' at end of filename (e.g. xss -> xss.)
It can be executed in browser as html, and it causes of Stored XSS.