Unrestricted XML Files Leads to Stored XSS

huntr: A89A4198-0880-4AA2-8439-A463F39F244C
2022-03-12 05:44:02
thanhlocstudent
www.huntr.dev

CVSS3: 5.4 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS2: 3.5 Low
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS: 0.001 Low
Percentile: 50.0%

Description

The web application restricts file uploads with a blacklist of extensions. This does not safely prevent the attack, because many other extensions can be used to attack users and the web application. By uploading XML files, a user can perform a stored XSS attack.

Proof of Concept

[1.] The user logs in with their credentials at: https://demo.microweber.org/demo/admin/

[2.] Upload an XML file with embedded JavaScript code in the "Files" module (https://demo.microweber.org/demo/admin/view:modules/load_module:files). This is the content of the XML file:

<x:script xmlns:x="http://www.w3.org/1999/xhtml">alert(document.cookie)</x:script>

[3.] By clicking to view the XML file or accessing the URL of this file, the attacker can execute the JavaScript code.

Impact

If an attacker can control a script that is executed in the victim's browser, they might compromise that user, in this case an admin, by stealing their cookies.
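The blacklist weakness described above, shown beside an allowlist check and an XML content check, as an added example that is not taken from the report or from Microweber's code. The extension lists, function names and sample documents are assumptions constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

# Constructed for illustration: a deny-list of the kind the report describes,
# and the allow-list that replaces it. Neither is Microweber's actual list.
DENIED_EXTENSIONS = {".php", ".phtml", ".exe", ".js", ".html", ".htm"}
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif", ".pdf", ".txt"}

# Elements in these namespaces are rendered (and their scripts run) when a
# browser displays an XML document inline.
ACTIVE_NAMESPACES = {"http://www.w3.org/1999/xhtml", "http://www.w3.org/2000/svg"}


def _ext(filename):
    return os.path.splitext(filename.strip().lower())[1]


def denylist_accepts(filename):
    """Weak check: anything not explicitly listed is accepted."""
    return _ext(filename) not in DENIED_EXTENSIONS


def allowlist_accepts(filename):
    """Hardened check: only extensions the application needs are accepted."""
    return _ext(filename) in ALLOWED_EXTENSIONS


def xml_has_active_content(data):
    """Defense in depth for apps that must accept XML: True if the document
    cannot be parsed, declares a DTD, or contains XHTML/SVG elements."""
    if b"<!doctype" in data.lower():
        return True  # refuse DTDs before parsing (ASCII-compatible encodings only)
    try:
        root = ET.fromstring(data)
    except (ET.ParseError, ValueError, LookupError):
        return True  # malformed or undecodable input is rejected, not trusted
    for element in root.iter():
        tag = element.tag  # namespaced tags look like "{namespace}local"
        if isinstance(tag, str) and tag.startswith("{"):
            if tag[1:].split("}", 1)[0] in ACTIVE_NAMESPACES:
                return True
    return False


# Constructed samples; the first mirrors the file from the proof of concept.
POC_XML = (b'<x:script xmlns:x="http://www.w3.org/1999/xhtml">'
           b'alert(document.cookie)</x:script>')
BENIGN_XML = b'<catalog><item id="1">Widget</item></catalog>'
```

Content inspection complements the allowlist and does not replace it; serving uploads with `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff` keeps any file that slips through from rendering inline.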
