| タイトル | givanz VvvebJs 2.0.5 Stored XSS |
|---|
| 説明 | 1. Unauthenticated Access & Stored XSS:
- A critical vulnerability exists in the upload.php endpoint of VvvebJs. The endpoint completely lacks authentication and access control mechanisms by default.
- An unauthenticated, remote attacker can directly send a POST request to upload files. Furthermore, the endpoint fails to sanitize the contents of uploaded SVG (Scalable Vector Graphics) files.
2. Exploiting the Vulnerability:
- Because SVG is an XML-based format that supports embedded JavaScript via attributes like onload, an attacker can upload a maliciously crafted .svg file containing arbitrary JavaScript code.
- Once the file is uploaded, it is stored in the /media/ directory. When any user (including administrators) accesses the direct URL of the uploaded SVG file, their browser parses the file and executes the embedded JavaScript payload within the context of the application's domain. |
|---|
| ソース | ⚠️ https://tcn60zf28jhk.feishu.cn/wiki/Cr4KwMPiMi65fFkI9Vyc3oX2n0f?from=from_copylink |
|---|
| ユーザー | EthX0_ (UID 96627) |
|---|
| 送信 | 2026年03月22日 12:20 (26 日 ago) |
|---|
| モデレーション | 2026年04月05日 17:32 (14 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 355406 [givanz Vvvebjs 迄 2.0.5 File Upload Endpoint upload.php uploadAllowExtensions クロスサイトスクリプティング] |
|---|
| ポイント | 20 |
|---|