Stored XSS via SVG File in usememos/memos
Dec 20th 2022
usememos has a feature to upload file and display it. By uploading a crafted SVG files, the users can perform Stored XSS attack with the image direct link.
Copy the following code and save as filename.svg.
Proof of Concept (filename.svg)
- Login as user
- create a new post and upload the svg file
- save the post
- take the direct link of the image and open it in a new tab
- see XSS (example link: https://<yoursite>/o/r/8/filename.svg).
if you need more specific information, feel free to contact me.
If an attacker can execute the script in the victim's browser via SVG file, they might compromise that user by stealing its cookies and other malicious things.