| タイトル | Bytedesk <=1.3.9 Unrestricted Upload of File with Dangerous Type (CWE-434) |
|---|
| 説明 | The authenticated file upload endpoint routes SVG files through UploadWatermarkService.addWatermarkToFile(), which writes the file to disk without stripping embedded JavaScript. The POC uploads an SVG containing <script>alert(...)></script> to POST /api/v1/upload/file; the server returns HTTP 200 and a public URL. Visiting the URL triggers Stored XSS, bypassing watermark processing without sanitization. |
|---|
| ソース | ⚠️ https://github.com/Bytedesk/bytedesk/issues/19 |
|---|
| ユーザー | ZAST.AI (UID 87884) |
|---|
| 送信 | 2026年02月26日 07:03 (2 月 ago) |
|---|
| モデレーション | 2026年03月07日 21:23 (10 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 349727 [Bytedesk 迄 1.3.9 SVG File UploadRestService.java handleFileUpload 特権昇格] |
|---|
| ポイント | 20 |
|---|