Cross-site Scripting (XSS) - Stored in idempiere/idempiere

Valid

Reported on

Jun 4th 2021


✍️ Description

Stored XSS via SVG file upload

🕵️‍♂️ Proof of Concept

You can upload this SVG file: https://github.com/ranjit-git/poc/blob/master/evilsvgfile.svg
Watch this 1-minute video to reproduce the bug: https://drive.google.com/file/d/1nKXfSUjU5vDEMMY6cAmRs6d3MCPoj0uv/view?usp=sharing

💥 Impact

Stored XSS allows execution of arbitrary JavaScript code in the victim's browser.

Jamie Slome
6 months ago

Admin


@ranjit-git, I will reach out to them via their public e-mail security@idempiere.com.

Jamie Slome validated this vulnerability 6 months ago
ranjit-git has been awarded the disclosure bounty
The fix bounty is now up for grabs
Jamie Slome confirmed that a fix has been merged on fa0b52 6 months ago
The fix bounty has been dropped