📄 Beakon Cross Site Scripting

Title: Cross Site Scripting/Phishing Delivery through File upload in Beakon versions prior to 5.4.3
    
    Description:
    
    The vulnerability exists due to insufficient validation of uploaded file types or names in the Beakon Application. An attacker can bypass the file extension allowed list and upload HTML contents including scripts. This uploaded file, containing malicious script content (for XSS) or deceptive content (for phishing), is then stored on the server and can be accessed via a specific URL. When another user (e.g., an administrator or another user viewing the attacker   s profile/content) accesses this file, the script executes in their browser (Stored XSS), or they are presented with a phishing page.
    
    Source Name:/Email: g30ff1r1
    CVE: CVE-2025-55372 (Reserved for now)
    Affected Software: Beakon Software
    Affected Versions: versions prior to 5.4.3
    Software URL: https://beakon.com.au/, https://beakon.io/
    
    Proof of Concept/Content:
    
    Attacker can bypass the file extension to upload malicious HTML file which can be used for delivering phishing contents , XSS attacks. A two-stage vulnerability chain enables attackers to upload and actively render malicious HTML files by abusing both:
    
    1. A filename extension bypass (e.g., appending a dot at the end of the allowed extension)
    
    2. A rendering control parameter (download=0) used in the file preview logic, attacker can deliver the malicious URL or wait for victim to browse /file/preview?id=<malicious_file_id>&download=0
    
    This enables delivery of stored XSS payloads or phishing pages under the application's trusted domain.