제출 #633921: Open-Source Samarium - Business Management System 0.9.6 Arbitrary JavaScript Execution via Unsanitized SVG Upload정보

제목Open-Source Samarium - Business Management System 0.9.6 Arbitrary JavaScript Execution via Unsanitized SVG Upload
설명A Cross-Site Scripting (XSS) vulnerability has been identified in Samarium - Business Management System, version v0.9.6. The application allows SVG files to be uploaded through the image upload feature in /cms/webpage/ without proper validation or sanitization. An attacker can exploit this flaw by uploading a malicious .svg file containing embedded JavaScript code. When the file is accessed directly from the /gallery directory and rendered by the browser, the malicious code is executed in the context of the victim's session. The attack can even be exploited against unauthenticated users if the link to the malicious file is shared.
원천⚠️ https://github.com/MaiqueSilva/VulnDB/blob/main/README09.md
사용자
 maique (UID 88562)
제출2025. 08. 13. PM 08:55 (11 개월 ago)
모더레이션2025. 08. 25. AM 11:12 (12 days later)
상태수락
VulDB 항목321259 [oitcode samarium 까지 0.9.6 Pages Image /cms/webpage/ 크로스 사이트 스크립팅]
포인트들20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!