| タイトル | Juzaweb Juzaweb CMS 3.4.2 Cross-Site Scripting |
|---|
| 説明 | Vulnerability Description
This vulnerability allows an attacker with access to the profile page to upload a malicious SVG file, even with extension filters enabled.
Impact
By exploiting this vulnerability, the attacker can execute scripts that can lead to different malicious activities, such as redirects, malware installation, among others.
To reproduce:
1) Create a new user and add it to a role with all permissions disabled;
2) Log in with that user's account;
3) Access the "Profile" page;
4) Click on the "Avatar" field and select a malicious .svg file to be uploaded;
5) Intercept the upload request with a proxy, such as Burp Suite;
6) Change the value of the "type" parameter from "image" to "file" and continue with the request;
7) Note that even if an error is returned on the front-end, the file is uploaded on the "Media" page;
8) Directly accessing the file address and the malicious payload is triggered.
|
|---|
| ソース | ⚠️ https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_avatar_xss.md |
|---|
| ユーザー | Anonymous User |
|---|
| 送信 | 2025年05月24日 02:44 (1 年 ago) |
|---|
| モデレーション | 2025年06月01日 12:48 (8 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 310753 [juzaweb CMS 迄 3.4.2 Profile Page upload アップロード クロスサイトスクリプティング] |
|---|
| ポイント | 20 |
|---|