| Título | Juzaweb Juzaweb CMS 3.4.2 Cross-Site Scripting |
|---|
| Descrição | Vulnerability Description
This vulnerability allows an attacker with access to the profile page to upload a malicious SVG file, even with extension filters enabled.
Impact
By exploiting this vulnerability, the attacker can execute scripts that can lead to different malicious activities, such as redirects, malware installation, among others.
To reproduce:
1) Create a new user and add it to a role with all permissions disabled;
2) Log in with that user's account;
3) Access the "Profile" page;
4) Click on the "Avatar" field and select a malicious .svg file to be uploaded;
5) Intercept the upload request with a proxy, such as Burp Suite;
6) Change the value of the "type" parameter from "image" to "file" and continue with the request;
7) Note that even if an error is returned on the front-end, the file is uploaded on the "Media" page;
8) Directly accessing the file address and the malicious payload is triggered.
|
|---|
| Fonte | ⚠️ https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_avatar_xss.md |
|---|
| Utilizador | Anonymous User |
|---|
| Submissão | 24/05/2025 02h44 (há 1 Ano) |
|---|
| Moderação | 01/06/2025 12h48 (8 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 310753 [juzaweb CMS até 3.4.2 Profile Page upload Carregar Script de Site Cruzado] |
|---|
| Pontos | 20 |
|---|