Submission #642716: openDCIM 23.04 Cross Site Scripting

Title: openDCIM 23.04 Cross Site Scripting
Description:

# Stored XSS via SVG Upload

openDCIM 23.04
https://opendcim.org/

## Description

A **stored Cross-Site Scripting (XSS)** vulnerability was identified in the image upload functionality of the application. Among the allowed file extensions, the `.svg` format is accepted. Since SVG is an XML-based format, it can contain embedded JavaScript code. We were able to inject a malicious script into an `.svg` file and upload it successfully. When this file is later viewed within the application, the JavaScript code executes in the client's browser, resulting in a **stored XSS vulnerability**.

## Impact

- Execution of arbitrary scripts in the browsers of users viewing malicious SVG files.
- Theft of cookies, session tokens, or other sensitive data.
- Potential compromise of privileged accounts if an administrator views the malicious file.

## Proof of Concept

After logging into the OpenDCIM application, a user can upload an `.svg` file via the following endpoint:

https://localhost/image_management.php

Once uploaded, the image is accessible at:

https://localhost/assets/pictures/file.svg

## Remediation

**Restrict allowed file types:**

- Block SVG uploads or any file formats that may contain executable code.

**Sanitize uploaded files:**

- Clean uploaded SVG files to remove any embedded JavaScript.
- Disable script execution within SVG files.

**Enforce security headers:**

- Apply a strict [Content Security Policy (CSP)](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) to limit unauthorized script execution.

---

*Severity: High*
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
*Category: Stored Cross-Site Scripting (XSS)*
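The remediation section names two server-side options, blocking SVG uploads outright or cleaning uploaded SVG files of embedded script. The following is an added example, not openDCIM's code and not the submitter's proof of concept, showing what an upload handler implementing both options looks like. It is written in Python rather than openDCIM's PHP for illustration; `handle_upload`, `sanitize_svg`, `UnsafeSvg`, the blocked-element list and the sample SVG are this example's own assumptions.

```python
"""Added example (not openDCIM or the submitter's code): server-side handling of
SVG uploads that implements the two remediation options from the advisory,
"block SVG uploads" (default) and "clean uploaded SVG files". Function and
constant names are this example's own assumptions."""
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)        # serialize <svg> without an ns0: prefix
ET.register_namespace("xlink", XLINK_NS)

RASTER_EXTENSIONS = {"png", "jpg", "jpeg", "gif"}
BLOCKED_ELEMENTS = {"script", "foreignobject"}   # can run or embed active content
SAFE_DATA_PREFIXES = ("data:image/png", "data:image/jpeg",
                      "data:image/gif", "data:image/webp")
_CTRL_WS = re.compile(r"[\x00-\x20]")            # padding such as "java\tscript:"


class UnsafeSvg(ValueError):
    """Raised when a file must be rejected rather than cleaned."""


def _local(name: str) -> str:
    """Strip the {namespace} part of an ElementTree tag or attribute name."""
    return name.rsplit("}", 1)[-1].lower()


def _href_is_safe(tag: str, value: str) -> bool:
    v = _CTRL_WS.sub("", value).lower()
    if v.startswith("#"):
        return True                       # same-document reference
    if tag == "use":
        return False                      # <use> may only point into this document
    if v.startswith(("javascript:", "vbscript:")):
        return False
    if v.startswith("data:"):
        return v.startswith(SAFE_DATA_PREFIXES)   # raster data URIs only
    return v.startswith(("http://", "https://"))


def sanitize_svg(data: bytes):
    """Return (cleaned_svg_text, removed_count); raise UnsafeSvg for files
    that should not be stored at all."""
    # No DTDs: entity declarations enable expansion attacks and the stdlib
    # parser is not hardened (production code should use defusedxml).
    if re.search(rb"<!(DOCTYPE|ENTITY)", data, re.I):
        raise UnsafeSvg("DTD or entity declaration present")
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        raise UnsafeSvg(f"not well-formed XML: {exc}") from exc
    if root.tag != f"{{{SVG_NS}}}svg":
        raise UnsafeSvg("root element is not <svg>")

    removed = 0
    # Pass 1: drop whole elements that can execute or smuggle markup.
    for parent in list(root.iter()):
        for child in list(parent):
            if isinstance(child.tag, str) and _local(child.tag) in BLOCKED_ELEMENTS:
                parent.remove(child)
                removed += 1
    # Pass 2: drop event-handler attributes and hrefs with executable schemes.
    for elem in root.iter():
        tag = _local(elem.tag)
        for attr in list(elem.attrib):
            name = _local(attr)
            if name.startswith("on") or (
                name == "href" and not _href_is_safe(tag, elem.attrib[attr])
            ):
                del elem.attrib[attr]
                removed += 1
    return ET.tostring(root, encoding="unicode"), removed


def handle_upload(filename: str, data: bytes, allow_svg: bool = False):
    """Upload policy: returns (accepted, bytes_to_store, note)."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext in RASTER_EXTENSIONS:
        return True, data, "raster image accepted"
    if ext != "svg":
        return False, b"", f"extension .{ext} not allowed"
    if not allow_svg:
        return False, b"", "svg uploads are blocked"       # remediation option 1
    try:
        cleaned, removed = sanitize_svg(data)               # remediation option 2
    except UnsafeSvg as exc:
        return False, b"", str(exc)
    return True, cleaned.encode("utf-8"), f"svg stored after removing {removed} active items"


# Constructed test input (not from the advisory): one script element, one event
# handler, one javascript: link and one legitimate fragment reference.
SAMPLE_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">
  <script>alert(1)</script>
  <a xlink:href="javascript:alert(1)"><text x="10" y="20">logo</text></a>
  <use href="#shape"/><rect id="shape" width="10" height="10"/>
</svg>"""

if __name__ == "__main__":
    print(handle_upload("logo.svg", SAMPLE_SVG))                  # blocked
    print(handle_upload("logo.svg", SAMPLE_SVG, allow_svg=True))  # cleaned copy
```

Blocking (the default `allow_svg=False`) is the simpler and safer choice; the sanitizer path is an allow-list on element and attribute names, which is why it rejects anything it cannot parse or whose root is not `<svg>` instead of trying to repair it. Serving the upload directory with a restrictive CSP, as the advisory's third point recommends, remains worthwhile even with sanitizing in place, since it limits what any script that slips through can do.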
Reference: https://github.com/lam-sec/openDCIMpoc
Submitter: lamouchi (UID 84095)
Submitted: 08/27/2025 20:02
Moderated: 09/11/2025 07:34 (14 days later)
Status: Accepted
VulDB Entry: 323613 [openDCIM 23.04 SVG File /scripts/uploadifive.php Filedata Cross Site Scripting]
Points: 20