Submission #584048: Juzaweb Juzaweb CMS 3.4.2 Cross-Site Scripting

Title: Juzaweb Juzaweb CMS 3.4.2 Cross-Site Scripting
Description:

Vulnerability Description
This vulnerability allows an attacker with access to the profile page to upload a malicious SVG file, even with extension filters enabled.

Impact
By exploiting this vulnerability, the attacker can execute scripts that can lead to various malicious activities, such as redirects or malware installation, among others.

To reproduce:
1) Create a new user and add it to a role with all permissions disabled;
2) Log in with that user's account;
3) Access the "Profile" page;
4) Click on the "Avatar" field and select a malicious .svg file to be uploaded;
5) Intercept the upload request with a proxy, such as Burp Suite;
6) Change the value of the "type" parameter from "image" to "file" and continue with the request;
7) Note that even if an error is returned on the front-end, the file is uploaded to the "Media" page;
8) Directly access the file address and the malicious payload is triggered.
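The root cause described above is that the client-supplied "type" parameter selects which server-side filter applies, so changing it from "image" to "file" routes the avatar past the image checks. The following is an added example, not Juzaweb's code, of an avatar-upload check in Python that ignores that parameter entirely and decides from the file's own bytes, refusing SVG (active content) for avatars and requiring the extension to match the sniffed format. A second helper shows the response headers under which an SVG kept in a media library can be served inertly. The function names, the PNG and SVG byte strings, and the header set are constructed for illustration and are assumptions.

```python
import re
from dataclasses import dataclass

# Raster formats an avatar endpoint should accept; SVG is deliberately absent.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "webp"}

# Magic-byte prefixes used to classify the upload by content, not by name.
MAGIC_PREFIXES = (
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
)


def sniff_image_kind(data: bytes) -> str:
    """Classify an upload from its bytes alone; never from the filename or client hints."""
    for prefix, kind in MAGIC_PREFIXES:
        if data.startswith(prefix):
            return kind
    if data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "webp"
    # SVG is XML text: look for an <svg element in the first KiB, after an
    # optional UTF-8 BOM, XML prolog, comments or whitespace.
    head = data[:1024].lstrip(b"\xef\xbb\xbf").lower()
    if b"<svg" in head:
        return "svg"
    return "unknown"


@dataclass
class Verdict:
    accepted: bool
    reason: str
    detected: str


def validate_avatar_upload(filename: str, data: bytes, client_type: str) -> Verdict:
    """Decide whether an avatar upload is acceptable.

    `client_type` (the request's "type" parameter, e.g. "image" or "file") is
    accepted only so the caller can log it; it must never change the policy,
    which is what the reported bypass relies on.
    """
    del client_type  # intentionally unused: policy is fixed for this endpoint
    detected = sniff_image_kind(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if detected == "svg" or ext == "svg":
        return Verdict(False, "SVG (active content) is never accepted as an avatar", detected)
    if ext not in ALLOWED_EXTENSIONS:
        return Verdict(False, f"extension '.{ext}' is not an allowed image type", detected)
    if detected == "unknown":
        return Verdict(False, "content is not a recognised raster image", detected)
    expected = "jpeg" if ext in ("jpg", "jpeg") else ext
    if expected != detected:
        return Verdict(False, f"extension '.{ext}' does not match {detected} content", detected)
    return Verdict(True, "ok", detected)


def safe_download_headers(stored_name: str) -> dict:
    """Headers for serving a stored SVG (or any untrusted file) without executing it.

    Forcing a download and a no-script CSP means a browser that fetches the
    file address directly will not run script embedded in it.
    """
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", stored_name)
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


# Constructed sample inputs: a PNG signature with a truncated body, and a minimal
# SVG containing an inert script element as a marker.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SVG_SAMPLE = (
    b'<?xml version="1.0"?>\n'
    b'<svg xmlns="http://www.w3.org/2000/svg"><script>console.log("marker")</script></svg>'
)

if __name__ == "__main__":
    for name, data, ctype in (
        ("avatar.png", PNG_SAMPLE, "image"),
        ("avatar.svg", SVG_SAMPLE, "file"),   # the bypass attempt from the report
        ("avatar.png", SVG_SAMPLE, "file"),   # SVG renamed to .png
    ):
        v = validate_avatar_upload(name, data, ctype)
        print(f"{name:12} type={ctype:5} accepted={v.accepted} ({v.reason})")
```

The key design choice is that the verdict depends on two things only, the sniffed content and the extension, and both must agree; the request's "type" field has no influence, so rewriting it in a proxy gains nothing. Files that must still be stored in a media library are returned with `Content-Disposition: attachment` and a no-script CSP so that visiting the file URL does not execute embedded script.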
Source: https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_avatar_xss.md
User: Anonymous User
Submitted: 24/05/2025 02:44 (1 year ago)
Moderated: 01/06/2025 12:48 (8 days later)
Status: accepted
VulDB entry: 310753 [juzaweb CMS up to 3.4.2 Profile Page Upload cross-site scripting]
Points: 20
