| Title | opendcim 23.04 Cross Site Scripting |
|---|
| Description | # Stored XSS via SVG Upload openDCIM 23.04 https://opendcim.org/
## Description
A **stored Cross-Site Scripting (XSS)** vulnerability was identified in the image upload functionality of the application.
Among the allowed file extensions, the `.svg` format is accepted. Since SVG is an XML-based format, it can contain embedded JavaScript code.
We were able to inject a malicious script into an `.svg` file and upload it successfully. When this file is later viewed within the application, the JavaScript code executes in the client’s browser, resulting in a **stored XSS vulnerability**.
## Impact
- Execution of arbitrary scripts in the browsers of users viewing malicious SVG files.
- Theft of cookies, session tokens, or other sensitive data.
- Potential compromise of privileged accounts if an administrator views the malicious file.
## Proof of Concept
After logging into the OpenDCIM application, a user can upload an `.svg` file via the following endpoint:
https://localhost/image_management.php
Once uploaded, the image is accessible at:
https://localhost/assets/pictures/file.svg
## Remediation
**Restrict allowed file types:**
- Block SVG uploads or any file formats that may contain executable code.
**Sanitize uploaded files:**
- Clean uploaded SVG files to remove any embedded JavaScript.
- Disable script execution within SVG files.
**Enforce security headers:**
- Apply a strict [Content Security Policy (CSP)](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) to limit unauthorized script execution.
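The three remediations above (reject SVG at the upload boundary, strip script from SVG that is accepted, and serve uploads under a script-blocking CSP) can be put together in a small defensive module. The code below is an added illustration and is not openDCIM's own code; the function names, the `allow_svg` switch, the allowed-extension set and the sample SVG are all constructed for this example. It uses only the Python standard library and handles the three ways script enters an SVG: `<script>`/`<foreignObject>` elements, `on*` event-handler attributes, and `javascript:`/`data:` URLs in `href`-style attributes (including the whitespace-padded forms browsers still honour).

```python
"""Defensive handling of SVG uploads: audit, sanitise, and serve under restrictive headers.

Added example for the advisory above; not openDCIM's code. Standard library only.
"""
import re
import xml.etree.ElementTree as ET
from typing import List, Optional, Tuple

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
# Serialise with the conventional prefixes instead of ElementTree's generated ns0/ns1.
ET.register_namespace("", SVG_NS)
ET.register_namespace("xlink", XLINK_NS)

# Elements that carry script or arbitrary HTML into an SVG document.
BLOCKED_ELEMENTS = {"script", "foreignobject"}
# URL schemes that are never acceptable inside an uploaded image.
BLOCKED_SCHEMES = ("javascript:", "data:", "vbscript:")
# Attributes whose value is interpreted as a URL (xlink:href maps to local name "href").
URL_ATTRIBUTES = {"href", "src"}
# Browsers ignore whitespace and control characters inside a scheme, so strip them first.
_CTRL = re.compile(r"[\x00-\x20]")
# Extension allow-list for the upload endpoint; SVG is deliberately absent (assumption).
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif"}

# Headers for the endpoint that serves uploaded files: even if something slipped past
# the sanitiser, no script may execute and the browser must not sniff a different type.
UPLOAD_RESPONSE_HEADERS = {
    "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'; sandbox",
    "Content-Type": "image/svg+xml",
    "X-Content-Type-Options": "nosniff",
}

# Constructed sample: the three script vectors the sanitiser must strip, plus a harmless shape.
SAMPLE_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" '
    'width="100" height="100">'
    '<script>alert(1)</script>'
    '<rect width="100" height="100" fill="red" onclick="alert(1)"/>'
    '<a xlink:href=" java\nscript:alert(1)"><text x="10" y="50">link</text></a>'
    '<circle cx="50" cy="50" r="20" fill="blue"/>'
    '</svg>'
)


def _local(qname: str) -> str:
    """Strip ElementTree's '{namespace}' qualifier and lowercase the local name."""
    return qname.rsplit("}", 1)[-1].lower()


def _is_blocked_url(value: str) -> bool:
    return _CTRL.sub("", value).lower().startswith(BLOCKED_SCHEMES)


def audit_svg(svg_text: str) -> List[str]:
    """Return a sorted list of script-bearing constructs found in the SVG (empty means clean)."""
    root = ET.fromstring(svg_text)
    findings = set()
    for el in root.iter():
        if _local(el.tag) in BLOCKED_ELEMENTS:
            findings.add("element:" + _local(el.tag))
        for attr, value in el.attrib.items():
            name = _local(attr)
            if name.startswith("on"):
                findings.add("handler:" + name)
            elif name in URL_ATTRIBUTES and _is_blocked_url(value):
                findings.add("url:" + name)
    return sorted(findings)


def sanitize_svg(svg_text: str) -> str:
    """Remove script elements, event handlers and script-scheme URLs; keep the drawing itself."""
    root = ET.fromstring(svg_text)
    if _local(root.tag) != "svg":
        raise ValueError("not an SVG document")
    # Drop blocked elements together with their whole subtree.
    for parent in list(root.iter()):
        for child in list(parent):
            if _local(child.tag) in BLOCKED_ELEMENTS:
                parent.remove(child)
    # Drop on* handlers and URL attributes pointing at a blocked scheme.
    for el in root.iter():
        for attr in list(el.attrib):
            name = _local(attr)
            if name.startswith("on") or (name in URL_ATTRIBUTES and _is_blocked_url(el.attrib[attr])):
                del el.attrib[attr]
    return ET.tostring(root, encoding="unicode")


def handle_upload(filename: str, data: bytes, allow_svg: bool = False) -> Tuple[str, Optional[bytes]]:
    """Upload policy: allow-listed raster types pass, SVG is rejected unless explicitly
    enabled, and an enabled SVG is stored only in sanitised form. (An extension check
    alone is not enough in production; verify the content type of the bytes as well.)"""
    ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
    if ext in ALLOWED_EXTENSIONS:
        return "accepted", data
    if ext == ".svg" and allow_svg:
        return "sanitized", sanitize_svg(data.decode("utf-8")).encode("utf-8")
    return "rejected", None


if __name__ == "__main__":
    print("before:", audit_svg(SAMPLE_SVG))
    print("after: ", audit_svg(sanitize_svg(SAMPLE_SVG)))
```

`audit_svg` is the piece worth running over an existing upload directory: it reports what a file contains without modifying it, so stored files can be triaged before deciding between deletion and sanitisation. `ET.fromstring` does not resolve external entities, but for untrusted XML at scale the `defusedxml` package is the safer parser; the stdlib is used here only to keep the example self-contained.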
---
*Severity: High* (CVSS vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)
*Category: Stored Cross-Site Scripting (XSS)* |
|---|
| Source | https://github.com/lam-sec/openDCIMpoc |
|---|
| User | lamouchi (UID 84095) |
|---|
| Submitted | 2025. 08. 27. PM 08:02 (8 months ago) |
|---|
| Moderation | 2025. 09. 11. AM 07:34 (14 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 323613 [openDCIM 23.04 SVG File /scripts/uploadifive.php Filedata cross site scripting] |
|---|
| Points | 20 |
|---|