| Title | givanz VvvebJs 2.0.5 Stored XSS |
|---|
| Description | 1. Unauthenticated access and stored XSS:
- The upload.php endpoint of VvvebJs ships with no authentication or access control at all.
- An unauthenticated remote attacker can therefore send a POST request straight to the endpoint and upload files. The endpoint also does not inspect or sanitize the contents of uploaded SVG (Scalable Vector Graphics) files.
2. Exploiting the vulnerability:
- Because SVG is an XML-based format that can carry JavaScript in event-handler attributes such as onload (and in embedded script elements), an attacker can upload a crafted .svg file containing arbitrary JavaScript.
- The uploaded file is stored under the /media/ directory. When any user, including an administrator, opens the direct URL of the SVG, the browser renders it as a document and executes the embedded JavaScript in the origin of the application. Note that the script runs only when the SVG is loaded as a top-level document or through an object/iframe element, not when it is referenced from an img tag, so the attacker has to get the victim to visit the file's URL. |
|---|
| Source | https://tcn60zf28jhk.feishu.cn/wiki/Cr4KwMPiMi65fFkI9Vyc3oX2n0f?from=from_copylink |
|---|
| User | EthX0_ (UID 96627) |
|---|
| Submitted | 2026-03-22 12:20 PM (25 days ago) |
|---|
| Moderated | 2026-04-05 05:32 PM (14 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 355406 [givanz Vvvebjs up to 2.0.5 File Upload Endpoint upload.php uploadAllowExtensions cross site scripting] |
|---|
| Points | 20 |
|---|
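The report above turns on one missing check: upload.php stores an SVG without looking at what is inside it. The following Python is an added illustration and is not VvvebJs code; it shows the scan an upload handler would run before writing a .svg into a public directory, and a companion routine that strips the active parts instead of rejecting the file outright. It uses only the standard library; the element and attribute denylist, the 2 MiB size cap, and the sample SVG payloads are constructed for this example and are not taken from the report.

```python
"""Scan and sanitize an uploaded SVG for script-bearing content.

Added illustration for the VvvebJs upload.php report; not the project's code.
The denylist below is kept short for readability; a production sanitizer
should allowlist known-safe elements and attributes, and untrusted XML should
be parsed with defusedxml rather than the stock parser.
"""
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
MAX_SVG_BYTES = 2 * 1024 * 1024  # assumption: cap to bound parser work

# Elements that execute script or embed another document (example denylist).
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
# URL schemes that turn an href into code or an inline document.
SCRIPT_SCHEMES = ("javascript:", "data:", "vbscript:")

# Serialise SVG with a default namespace instead of ns0: prefixes.
ET.register_namespace("", SVG_NS)
ET.register_namespace("xlink", XLINK_NS)


def local_name(qname: str) -> str:
    """'{http://www.w3.org/2000/svg}foreignObject' -> 'foreignobject'."""
    return qname.rsplit("}", 1)[-1].lower()


def _is_script_href(attr: str, value: str) -> bool:
    """True for href / xlink:href values that carry a script-like scheme."""
    return local_name(attr) == "href" and value.strip().lower().startswith(SCRIPT_SCHEMES)


def find_active_content(svg_bytes: bytes) -> list[str]:
    """Return a list of findings; an empty list means nothing active was seen."""
    if len(svg_bytes) > MAX_SVG_BYTES:
        return ["file exceeds size limit"]
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if local_name(root.tag) != "svg":
        return [f"root element is <{local_name(root.tag)}>, not <svg>"]

    findings = []
    for elem in root.iter():
        name = local_name(elem.tag)
        if name in ACTIVE_TAGS:
            findings.append(f"<{name}> element")
        for attr, value in elem.attrib.items():
            if local_name(attr).startswith("on"):  # onload, onclick, ...
                findings.append(f"<{name}> {local_name(attr)} event handler")
            elif _is_script_href(attr, value):
                scheme = value.strip().split(":", 1)[0].lower()
                findings.append(f"<{name}> href with {scheme}: scheme")
    return findings


def sanitize_svg(svg_bytes: bytes) -> bytes:
    """Remove active elements/attributes and re-serialise the document.

    Raises ValueError if the root is not <svg> or the file is too large, and
    lets ET.ParseError propagate for malformed input.
    """
    if len(svg_bytes) > MAX_SVG_BYTES:
        raise ValueError("file exceeds size limit")
    root = ET.fromstring(svg_bytes)
    if local_name(root.tag) != "svg":
        raise ValueError("root element is not <svg>")

    parent_of = {child: parent for parent in root.iter() for child in parent}
    for elem in list(root.iter()):  # snapshot: the tree is mutated below
        if local_name(elem.tag) in ACTIVE_TAGS:
            parent_of[elem].remove(elem)
            continue
        for attr in list(elem.attrib):
            if local_name(attr).startswith("on") or _is_script_href(attr, elem.attrib[attr]):
                del elem.attrib[attr]
    return ET.tostring(root, encoding="utf-8")


# Constructed sample inputs (not from the report): the onload vector the
# description mentions, plus a script element and a javascript: link.
MALICIOUS_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" '
    b'xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(document.domain)">'
    b"<script>alert(1)</script>"
    b'<a xlink:href="javascript:alert(2)"><text x="5" y="15">hi</text></a>'
    b"</svg>"
)
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="4"/></svg>'

if __name__ == "__main__":
    for label, data in (("malicious", MALICIOUS_SVG), ("benign", BENIGN_SVG)):
        print(label, find_active_content(data) or "clean")
    print(sanitize_svg(MALICIOUS_SVG).decode())
```

Content inspection is only one layer. The endpoint in the report also lacks authentication, and the stored file is served from the application's own origin; requiring a logged-in user, serving uploads with `Content-Disposition: attachment` or from a separate origin, and setting a restrictive Content-Security-Policy on the /media/ path each close the stored-XSS path independently of whether the SVG scan is complete.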