| Title | Bytedesk <=1.3.9 Unrestricted Upload of File with Dangerous Type (CWE-434) |
|---|
| Description | The authenticated file upload endpoint routes SVG files through UploadWatermarkService.addWatermarkToFile(), which writes the file to disk without stripping embedded JavaScript. The POC uploads an SVG containing <script>alert(...)></script> to POST /api/v1/upload/file; the server returns HTTP 200 and a public URL. Visiting the URL triggers Stored XSS, bypassing watermark processing without sanitization. |
|---|
| Source | ⚠️ https://github.com/Bytedesk/bytedesk/issues/19 |
|---|
| User | ZAST.AI (UID 87884) |
|---|
| Submission | 02/26/2026 07:03 (2 months ago) |
|---|
| Moderation | 03/07/2026 21:23 (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 349727 [Bytedesk up to 1.3.9 SVG File UploadRestService.java handleFileUpload unrestricted upload] |
|---|
| Points | 20 |
|---|