| Título | givanz VvvebJs 2.0.5 Stored XSS |
|---|
| Descrição | 1. Unauthenticated Access & Stored XSS:
- A critical vulnerability exists in the upload.php endpoint of VvvebJs. The endpoint completely lacks authentication and access control mechanisms by default.
- An unauthenticated, remote attacker can directly send a POST request to upload files. Furthermore, the endpoint fails to sanitize the contents of uploaded SVG (Scalable Vector Graphics) files.
2. Exploiting the Vulnerability:
- Because SVG is an XML-based format that supports embedded JavaScript via attributes like onload, an attacker can upload a maliciously crafted .svg file containing arbitrary JavaScript code.
- Once the file is uploaded, it is stored in the /media/ directory. When any user (including administrators) accesses the direct URL of the uploaded SVG file, their browser parses the file and executes the embedded JavaScript payload within the context of the application's domain. |
|---|
| Fonte | ⚠️ https://tcn60zf28jhk.feishu.cn/wiki/Cr4KwMPiMi65fFkI9Vyc3oX2n0f?from=from_copylink |
|---|
| Utilizador | EthX0_ (UID 96627) |
|---|
| Submissão | 22/03/2026 12h20 (há 26 dias) |
|---|
| Moderação | 05/04/2026 17h32 (14 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 355406 [givanz Vvvebjs até 2.0.5 File Upload Endpoint upload.php uploadAllowExtensions Script de Site Cruzado] |
|---|
| Pontos | 20 |
|---|