monica

vulnerability cross-site scripting (xss) - stored (cwe-79)
severity 7.3
language php
registry other

Vulnerability

Stored Cross-Site Scripting (Authenticated) via Unrestricted File Upload.

✍️ Description

Monica CRM allows uploading SVG files as images, and an SVG file can be used to run arbitrary JavaScript.

🕵️‍♂️ Proof of Concept

Given you have installed Monica CRM, log in and create a contact. Now go to the contact's profile and click on the Photos tab.

(Screenshot: Photos tab)

Upload this svg file:

<svg xmlns:svg="http://www.w3.org/2000/svg" xmlns="http://www.w3.org/2000/svg" onload="alert(1);">
  <circle />
</svg>

The file will be uploaded. Now, if you visit the URL of the uploaded SVG file (i.e. the storage link), the image will load and the browser will run the JavaScript along with the preview of the SVG.
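For comparison, here is the kind of check that closes this class of issue on the server side. This is an added example written for this report, not Monica's code, and the function names (looksLikeSvg, validateImageUpload, uploadResponseHeaders) are hypothetical. It applies two independent controls: at upload time it sniffs the file content and rejects anything that is an SVG or not a real raster image, ignoring the extension and the client-supplied MIME type; at download time it emits response headers that stop the browser from rendering a stored upload as an active document in the application's origin. The PoC SVG above and a constructed 1x1 PNG are used as sample inputs.

```php
<?php
// Added example (not Monica's code): hardened handling of image uploads.
// Control 1: reject SVG at upload time by content sniffing, not by extension
//            or by the Content-Type the client claimed.
// Control 2: serve stored uploads with headers that prevent script execution.

declare(strict_types=1);

/**
 * True when the bytes look like an SVG document, whatever the file name says.
 */
function looksLikeSvg(string $bytes): bool
{
    // Drop a UTF-8 BOM and leading whitespace; look only at the first 4 KiB.
    $head = ltrim(substr($bytes, 0, 4096), "\xEF\xBB\xBF \t\r\n");
    // The <svg> root may follow an XML prolog, a DOCTYPE or comments,
    // so search the head rather than requiring it at offset 0.
    return (bool) preg_match('/<svg[\s>\/]/i', $head);
}

/**
 * Allow only raster formats whose bytes actually parse as an image.
 * Returns the detected MIME type, or null when the upload must be rejected.
 */
function validateImageUpload(string $tmpPath): ?string
{
    $bytes = @file_get_contents($tmpPath);
    if ($bytes === false || $bytes === '') {
        return null;
    }
    if (looksLikeSvg($bytes)) {
        return null; // SVG may carry <script>, on* handlers and external references
    }
    // finfo inspects magic bytes and ignores the client-supplied name and type.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->buffer($bytes);
    $allowed = ['image/jpeg', 'image/png', 'image/gif', 'image/webp'];
    if (!in_array($mime, $allowed, true)) {
        return null;
    }
    // Reject data that only begins with a plausible image header.
    if (@getimagesizefromstring($bytes) === false) {
        return null;
    }
    return $mime;
}

/**
 * Response headers for the route that serves user uploads. Even a file that
 * slips past the filter cannot run script in the application's origin.
 */
function uploadResponseHeaders(string $mime): array
{
    return [
        'Content-Type'            => $mime,
        'X-Content-Type-Options'  => 'nosniff',               // no MIME guessing
        'Content-Disposition'     => 'attachment',            // download, never render inline
        'Content-Security-Policy' => "default-src 'none'; sandbox", // no script, opaque origin
    ];
}

// Demo on constructed inputs: the PoC SVG from this report and a 1x1 PNG.
$svg = '<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1);"><circle /></svg>';
$png = base64_decode(
    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='
);

foreach (['poc.svg' => $svg, 'pixel.png' => $png] as $name => $data) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $data);
    $mime = validateImageUpload($tmp);
    unlink($tmp);
    printf("%-10s %s\n", $name, $mime === null ? 'REJECTED' : "accepted as $mime");
    if ($mime !== null) {
        print_r(uploadResponseHeaders($mime));
    }
}
```

The SVG check is deliberately separate from the finfo check because libmagic may label an SVG as image/svg+xml, text/xml or even text/html depending on its prolog; matching the root element directly does not depend on that. If SVG uploads must be supported, the serving-side headers are the part to keep: with Content-Disposition: attachment and a sandboxed CSP the file is never rendered as a document in the CRM's origin, so an onload handler has nothing to act on.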

💥 Impact

This vulnerability is capable of...

References