إرسال #633921: Open-Source Samarium - Business Management System 0.9.6 Arbitrary JavaScript Execution via Unsanitized SVG Uploadالمعلومات

عنوانOpen-Source Samarium - Business Management System 0.9.6 Arbitrary JavaScript Execution via Unsanitized SVG Upload
الوصفA Cross-Site Scripting (XSS) vulnerability has been identified in Samarium - Business Management System, version v0.9.6. The application allows SVG files to be uploaded through the image upload feature in /cms/webpage/ without proper validation or sanitization. An attacker can exploit this flaw by uploading a malicious .svg file containing embedded JavaScript code. When the file is accessed directly from the /gallery directory and rendered by the browser, the malicious code is executed in the context of the victim's session. The attack can even be exploited against unauthenticated users if the link to the malicious file is shared.
المصدر⚠️ https://github.com/MaiqueSilva/VulnDB/blob/main/README09.md
المستخدم
 maique (UID 88562)
ارسال13/08/2025 08:55 PM (11 أشهر منذ)
الاعتدال25/08/2025 11:12 AM (12 days later)
الحالةتمت الموافقة
إدخال VulDB321259 [oitcode samarium حتى 0.9.6 Pages Image /cms/webpage/ البرمجة عبر المواقع]
النقاط20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!