Vulners
Lucene search
π Fiora Chat 1.0.0 Cross Site Scripting
ποΈΒ 01 Oct 2025Β 00:00:00Reported byΒ Kaio Mendonca PereiraTypeΒ 
Β packetstormπΒ packetstorm.newsπΒ 191Β Views
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | CVE-2025-56514 | 30 Sep 202521:00 | β | circl |
 | Fiora θ·¨η«θζ¬ζΌζ΄ | 1 Oct 202500:00 | β | cnnvd |
 | CVE-2025-56514 | 1 Oct 202500:00 | β | cve |
 | CVE-2025-56514 | 1 Oct 202500:00 | β | cvelist |
 | EUVD-2025-32019 | 3 Oct 202520:07 | β | euvd |
 | Fiora chat user avatar is vulnerable to XSS via SVG files | 1 Oct 202518:30 | β | github |
 | CVE-2025-56514 | 1 Oct 202516:15 | β | nvd |
 | CVE-2025-56514 | 1 Oct 202516:15 | β | osv |
| GHSA-HG3J-6PMH-MVJR Fiora chat user avatar is vulnerable to XSS via SVG files | 1 Oct 202518:30 | β | osv |
 | PT-2025-40248 | 1 Oct 202500:00 | β | ptsecurity |
10
# CVE-2025-56514: Cross Site Scripting (XSS) Vulnerability in Fiora Chat Application
## Overview
A Cross Site Scripting (XSS) vulnerability, identified as **CVE-2025-56514**, affects the Fiora chat application version 1.0.0. This vulnerability allows an authenticated user to execute arbitrary JavaScript in the context of another user's browser by uploading a malicious SVG file through the group avatar change functionality.
## Vulnerability Details
- **Vulnerability Type**: Cross Site Scripting (XSS)
- **Attack Type**: Remote
- **Impact**: Code Execution
- **Affected Product Code Base**: Fiora 1.0.0
- **Vendor**: suisuijiang
- **Discoverer**: Kaio Mendonca Pereira
## Affected Components
The following components in the Fiora chat application are impacted:
- **Backend**: `packages/server/src/routes/group.ts` (group management routes)
- **Frontend**:
- `packages/web/src/modules/Chat/GroupManagePanel.tsx` (group avatar upload interface)
- `packages/web/src/service.ts` (API service layer)
- `packages/web/src/components/Avatar.ts` (avatar rendering component)
## Attack Vectors
An authenticated user with creator privileges in a group can exploit this vulnerability by:
1. Uploading a malicious SVG file containing embedded JavaScript via the "Change Group Avatar" functionality.
2. The malicious SVG is stored in the `/GroupAvatar/` directory.
3. When the SVG avatar is rendered by the `Avatar.tsx` component in another user's browser, the embedded JavaScript executes, enabling XSS exploitation.
## Steps to Reproduce
1. **Authentication**: Log in to the Fiora chat application with valid credentials.
2. **Access Target Group**: Navigate to group management and select a group where you have creator privileges.
3. **Upload Malicious SVG**: Use the "Change Group Avatar" feature to upload a malicious SVG file with embedded JavaScript, such as:
```xml
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 100 100">
<foreignObject x="0" y="0" width="100" height="100">
<iframe xmlns="http://www.w3.org/1999/xhtml" src="https://evil.com" onmouseover="alert(document.cookie)" width="100" height="100"></iframe>
</foreignObject>
<text x="0" y="15"></text>
</svg>Data
Build on a solid foundation withΒ Vulners data
WeΒ provide theΒ essential building blocks forΒ cybersecurity solutions withΒ comprehensive, structured, andΒ constantly updated vulnerability andΒ exploits data
Api
Power your application withΒ Vulners API
The Vulners REST API offers reliable, high-performance access toΒ vulnerabilityΒ intelligence, withΒ 99.9%Β SLAΒ uptime andΒ CDN-backed data delivery forΒ seamlessΒ global access
App
Assess and manage vulnerabilities withΒ VulnersΒ tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Oct 2025 00:00Current
6.4Medium risk
Vulners AI Score6.4
CVSS 3.14.6 - 5.4
EPSS0.00012