Lucene search
+L

📄 Fiora Chat 1.0.0 Cross Site Scripting

🗓️ 01 Oct 2025 00:00:00Reported by Kaio Mendonca PereiraType 
packetstorm
 packetstorm
🔗 packetstorm.news👁 215 Views

CVE-2025-56514: XSS in Fiora Chat 1.0.0 via malicious SVG group avatar upload enabling code execution.

Related
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2025-56514
30 Sep 202521:00
circl
CNNVD
Fiora 跨站脚本漏洞
1 Oct 202500:00
cnnvd
CVE
CVE-2025-56514
1 Oct 202500:00
cve
Cvelist
CVE-2025-56514
1 Oct 202500:00
cvelist
EUVD
EUVD-2025-32019
3 Oct 202520:07
euvd
Github Security Blog
Fiora chat user avatar is vulnerable to XSS via SVG files
1 Oct 202518:30
github
NVD
CVE-2025-56514
1 Oct 202516:15
nvd
OSV
CVE-2025-56514
1 Oct 202516:15
osv
OSV
GHSA-HG3J-6PMH-MVJR Fiora chat user avatar is vulnerable to XSS via SVG files
1 Oct 202518:30
osv
Positive Technologies
PT-2025-40248
1 Oct 202500:00
ptsecurity
Rows per page
# CVE-2025-56514: Cross Site Scripting (XSS) Vulnerability in Fiora Chat Application
    
    ## Overview
    A Cross Site Scripting (XSS) vulnerability, identified as **CVE-2025-56514**, affects the Fiora chat application version 1.0.0. This vulnerability allows an authenticated user to execute arbitrary JavaScript in the context of another user's browser by uploading a malicious SVG file through the group avatar change functionality.
    
    ## Vulnerability Details
    - **Vulnerability Type**: Cross Site Scripting (XSS)
    - **Attack Type**: Remote
    - **Impact**: Code Execution
    - **Affected Product Code Base**: Fiora 1.0.0
    - **Vendor**: suisuijiang
    - **Discoverer**: Kaio Mendonca Pereira
    
    ## Affected Components
    The following components in the Fiora chat application are impacted:
    - **Backend**: `packages/server/src/routes/group.ts` (group management routes)
    - **Frontend**:
      - `packages/web/src/modules/Chat/GroupManagePanel.tsx` (group avatar upload interface)
      - `packages/web/src/service.ts` (API service layer)
      - `packages/web/src/components/Avatar.ts` (avatar rendering component)
    
    ## Attack Vectors
    An authenticated user with creator privileges in a group can exploit this vulnerability by:
    1. Uploading a malicious SVG file containing embedded JavaScript via the "Change Group Avatar" functionality.
    2. The malicious SVG is stored in the `/GroupAvatar/` directory.
    3. When the SVG avatar is rendered by the `Avatar.tsx` component in another user's browser, the embedded JavaScript executes, enabling XSS exploitation.
    
    ## Steps to Reproduce
    1. **Authentication**: Log in to the Fiora chat application with valid credentials.
    2. **Access Target Group**: Navigate to group management and select a group where you have creator privileges.
    3. **Upload Malicious SVG**: Use the "Change Group Avatar" feature to upload a malicious SVG file with embedded JavaScript, such as:
       ```xml
       <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 100 100">
           <foreignObject x="0" y="0" width="100" height="100">
               <iframe xmlns="http://www.w3.org/1999/xhtml" src="https://evil.com" onmouseover="alert(document.cookie)" width="100" height="100"></iframe>
           </foreignObject>
           <text x="0" y="15"></text>
       </svg>

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

01 Oct 2025 00:00Current
6.4Medium risk
Vulners AI Score6.4
CVSS 3.14.6 - 5.4
EPSS0.00262
215