Lucene search
Mike9934B7FB92C-F06B-4BBF-82DC-9F013B30B6A6HistorySep 16, 2022 - 9:43 a.m.
Stored XSS via SVG File
2022-09-1609:43:12
mike993
www.huntr.dev
12
stored xss
svg file
upload permission
demo.inventree.org
0.001 Low
EPSS
Percentile
21.4%
Description
By uploading SVG files, the users can perform Stored XSS attack.
Copy the following code and save as filename.svg.
Proof of Concept
<x:script xmlns:x="http://www.w3.org/1999/xhtml">alert(document.domain)</x:script>
[1] Login as user with upload permission.
[2] upload the payload injected SVG file at https://demo.inventree.org/order/sales-order/3/
[3] Copy the uploaded svg file url and open in new tab. (every logged user can access to this url)
[4] XSS ! (https://demo.inventree.org/media/so_files/3/yourfile.svg)
if you need more specific information, feel free to contact me.
Related
osv
osv
Inventree vulnerable to Stored Cross-site Scripting
2022-09-30 00:00:45
CVE-2022-3355
2022-09-29 10:15:09
nvd
nvd
CVE-2022-3355
2022-09-29 10:15:09
cvelist
cvelist
CVE-2022-3355 Cross-site Scripting (XSS) - Stored in inventree/inventree
2022-09-29 09:25:11
github
github
Inventree vulnerable to Stored Cross-site Scripting
2022-09-30 00:00:45
cve
cve
CVE-2022-3355
2022-09-29 10:15:09
prion
prion
Cross site scripting
2022-09-29 10:15:00