blogifierdotnet / Blogifier

Blogifier is an open-source publishing platform written in ASP.NET and Blazor WebAssembly. With Blogifier make a personal blog or a website.
https://blogifier.net
MIT License
1.26k stars 518 forks

Stored XSS via filename parameter in '/api/storage/upload/PostImage' #316

Closed tuando243 closed 2 years ago

tuando243 commented 2 years ago

Describe the bug

Stored XSS exists in Blogifier 3.0 via the filename parameter in '/api/storage/upload/PostImage'.

Steps to reproduce

  1. Login as admin.
  2. Click on 'New post'.
  3. Click on 'Insert Image' and insert the following payload <img src=1 onerror=alert(1)> in the filename field.
  4. Click on Save, Publish and View the post.

rxtur commented 2 years ago

Fixed with commit 97fcdac
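
One way to close this class of bug on the server side, given as an added example and not Blogifier's code or the change made in commit 97fcdac: validate the client-supplied filename against an allowlist at upload time, and HTML-encode it wherever it is written into markup. The class and method names, the extension policy and the sample inputs are assumptions made for illustration.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

// Added illustration, not Blogifier's code; every name below is hypothetical.
public static class UploadFileName
{
    // Assumed policy: post images may only carry these extensions.
    static readonly string[] AllowedExtensions = { ".png", ".jpg", ".jpeg", ".gif", ".webp" };

    // Runs of anything other than letters, digits, '.', '_' or '-' are replaced.
    static readonly Regex Unsafe = new Regex("[^A-Za-z0-9._-]+");

    // Produces a storage-safe name; returns false when the upload should be rejected.
    public static bool TrySanitize(string clientName, out string safeName)
    {
        safeName = "";
        if (string.IsNullOrWhiteSpace(clientName)) return false;

        // Drop any directory part sent by the client (both separator styles).
        string name = clientName.Replace('\\', '/');
        name = name.Substring(name.LastIndexOf('/') + 1);

        int dot = name.LastIndexOf('.');
        if (dot < 0) return false;
        string ext = name.Substring(dot).ToLowerInvariant();
        if (Array.IndexOf(AllowedExtensions, ext) < 0) return false;

        string stem = Unsafe.Replace(name.Substring(0, dot), "-").Trim('-', '.');
        if (stem.Length == 0) stem = "image";
        if (stem.Length > 64) stem = stem.Substring(0, 64);
        safeName = stem + ext;
        return true;
    }

    // Encode on output as well, so a name that bypassed validation stays inert.
    public static string ToImgTag(string url, string name) =>
        "<img src=\"" + WebUtility.HtmlEncode(url) + "\" alt=\"" + WebUtility.HtmlEncode(name) + "\">";

    public static void Main()
    {
        // Constructed inputs: the payload from the report, then an ordinary name.
        foreach (string input in new[] { "<img src=1 onerror=alert(1)>", "holiday photo.PNG" })
            Console.WriteLine(TrySanitize(input, out string safe)
                ? "stored as " + safe
                : "rejected " + WebUtility.HtmlEncode(input));
        Console.WriteLine(ToImgTag("/data/a.png", "<img src=1 onerror=alert(1)>"));
    }
}
```

Validation at upload and encoding at render are independent layers: the first keeps markup out of stored data, the second keeps any value already stored from executing when a post is viewed.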