Lucene search
5h4s1FCE38751-BFD6-484C-B6E1-935E0AA8FFDCHistoryAug 13, 2023 - 6:39 a.m.
File Upload Bypass Leads to Stored XSS
2023-08-1306:39:57
5h4s1
www.huntr.dev
19
file upload
xss vulnerability
google drive
EPSS
0.001
Percentile
33.2%
Description
In the file upload feature, the system did not allow uploading files with extensions like html, … But when uploading files with extension xhtml, it leads to XSS vulnerabilities.
Proof of Concept
https://drive.google.com/file/d/1_MTa4st4POafaUAwn17n7ygp_TrF9BXp/view?usp=sharing
References
Related
github
github
Cockpit Cross-site Scripting vulnerability
2023-08-14 12:30:22
prion
prion
Cross site scripting
2023-08-14 11:15:00
cve
cve
CVE-2023-4321
2023-08-14 11:15:09
osv
osv
CVE-2023-4321
2023-08-14 11:15:09
Cockpit Cross-site Scripting vulnerability
2023-08-14 12:30:22
nvd
nvd
CVE-2023-4321
2023-08-14 11:15:09
veracode
veracode
Cross-site Scripting (XSS)
2023-08-16 07:52:04
cvelist
cvelist
CVE-2023-4321 Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit
2023-08-14 10:26:07