
Stored XSS via .svg file upload

Reported by sampritdas8 on www.huntr.dev, report 781B5C2A-BC98-41A0-A276-EA12399E5A25, 2022-04-10 10:32:28
Tags: stored xss, svg files, image upload, admin account takeover, security vulnerability

EPSS: 0.001 (percentile 44.8%)

Description

The application allows .svg files to be uploaded through its image manager. Because an SVG is an XML document that can carry script and event-handler attributes, a crafted file is stored on the server and executes in the browser of any user who opens it, i.e. a stored XSS.

Proof of Concept

1. Download the payload from this link: https://drive.google.com/file/d/1c1BP5bxXBxtwLfRJTrEPgMWK1yVFDF2R/view?usp=sharing

2. Log in to the application with a Co-admin account, go to "Settings" -> "Image Manager" and upload the downloaded "XSS.svg" payload.

3. Then log in with the admin account, go to "Settings" -> "Image Manager", select "XSS.svg" and open it in a new tab (or open the uploaded file's location directly). The XSS triggers in the admin's session, which can lead to admin account takeover.

PoC video:

https://drive.google.com/file/d/1jdjUHuQPG0xVR3pImcg3vT4cuxhIEuBi/view?usp=sharing
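The mitigation side of this report, as an added example that is not part of the original submission and not code from the affected application (which the report does not name): a server-side check that rejects SVG uploads carrying active content before they reach the image manager, and the response headers that stop a stored SVG from running script when it is opened directly in a tab, which is the trigger step in the proof of concept. The SVG samples are constructed for this example (the script sample holds only a placeholder comment, not the reporter's payload); `scan_svg`, `accept_upload` and `svg_response_headers` are hypothetical names.

```python
from __future__ import annotations

import xml.etree.ElementTree as ET

# Constructed SVG samples for this example (not the reporter's XSS.svg).
BENIGN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
              b'<circle cx="5" cy="5" r="4" fill="red"/></svg>')
SCRIPT_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg">'
              b'<script>/* constructed placeholder, no payload */</script></svg>')
HANDLER_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="handler()">'
               b'<rect width="1" height="1"/></svg>')
HREF_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
            b'<a xlink:href="javascript:handler()"><text>link</text></a></svg>')

# Elements that let an SVG document run script or embed arbitrary HTML.
ACTIVE_ELEMENTS = {"script", "foreignobject"}
# URI schemes that execute or embed content when followed from an SVG link.
ACTIVE_SCHEMES = ("javascript:", "data:")


def _local_name(qualified: str) -> str:
    """Strip ElementTree's '{namespace}' prefix and lowercase the local name."""
    return qualified.rsplit("}", 1)[-1].lower()


def scan_svg(data: bytes) -> list[str]:
    """Return findings for active content in an SVG upload; an empty list means none found.

    The file is parsed as XML rather than regex-matched, so namespaced tags and
    unusual casing are seen the way a browser's parser would see them.
    """
    findings: list[str] = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if _local_name(root.tag) != "svg":
        findings.append(f"root element is <{_local_name(root.tag)}>, not <svg>")
    for elem in root.iter():
        tag = _local_name(elem.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"active element <{tag}>")
        for attr, value in elem.attrib.items():
            name = _local_name(attr)
            # Browsers ignore embedded whitespace/control characters when reading a scheme.
            uri = "".join(value.split()).lower()
            if name.startswith("on"):
                findings.append(f"event handler attribute '{name}' on <{tag}>")
            elif name == "href" and uri.startswith(ACTIVE_SCHEMES):
                findings.append(f"active URI in {name} on <{tag}>: {uri.split(':', 1)[0]}:")
    return findings


def accept_upload(data: bytes) -> bool:
    """Upload policy: accept only SVG files with no findings."""
    return scan_svg(data) == []


def svg_response_headers(filename: str) -> dict[str, str]:
    """Headers for serving a stored SVG so that opening it directly cannot run script.

    Content-Disposition: attachment keeps the browser from rendering the file as a
    top-level document (the report's trigger step); the CSP disables script even if
    the file is rendered, e.g. when embedded via <img> it never ran anyway.
    """
    # Keep the filename to a conservative character set so it cannot inject header text.
    safe = "".join(c for c in filename if c.isalnum() or c in "._-") or "image.svg"
    return {
        "Content-Type": "image/svg+xml",
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{safe}"',
        "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'",
    }


if __name__ == "__main__":
    for label, sample in [("benign", BENIGN_SVG), ("script", SCRIPT_SVG),
                          ("handler", HANDLER_SVG), ("href", HREF_SVG)]:
        print(label, "accept" if accept_upload(sample) else "reject", scan_svg(sample))
```

Two caveats for anyone adapting this: the scanner is a reject list, so an allow-list sanitizer that rewrites the file to a known-safe subset of elements and attributes is the stronger control for a real image manager, and untrusted XML should be parsed with an entity-expansion-safe parser (stdlib `ElementTree` does not fetch external entities, but a hardened parser such as defusedxml is the usual choice). Serving uploads from a separate origin removes the account-takeover impact even if a file slips through, because the admin's session cookies are not sent to that origin.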
