Thanks GHSL team member @p- for discovering and reporting this!
Stored XSS through user file upload (GHSL-2024-184) vulnerability reported:
A stored cross-site scripting vulnerability has been found in the image upload functionality that can be used by normal registered users: It is possible to upload an SVG image containing JavaScript, and it's also possible to upload an HTML document when the `format` parameter is manually changed to `documents` or a string of an unsupported format. If an authenticated user or administrator visits that uploaded image or document, malicious JavaScript can be executed on their behalf (e.g. changing or deleting content inside of the CMS).
This PR fixes the vulnerability by introducing the `file_content_unsafe?` method, which scans the file content for unsafe expressions and patterns in the `upload_file` method of the `CamaleonCms::UploaderHelper`.
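The kind of content scan the PR description refers to, as an added example that is not the code from this PR: the function names, the pattern list and the sample uploads are assumptions, and the samples are constructed.

```ruby
# Added example: every name here is hypothetical, not Camaleon CMS's own code.
# Each pattern targets one way markup in an uploaded file can run script
# when a browser renders it from the application's origin.
UNSAFE_UPLOAD_PATTERNS = {
  script_tag:    /<\s*script\b/i,
  active_embed:  /<\s*(?:iframe|object|embed|foreignObject)\b/i,
  event_handler: /[\s"'\/]on[a-z]{3,}\s*=/i,
  script_uri:    /(?:javascript|vbscript)\s*:/i,
  html_data_uri: /data\s*:\s*text\/html/i
}.freeze

# Returns the names of every pattern found in the uploaded bytes, so the
# caller can log why an upload was rejected.
def unsafe_upload_findings(bytes)
  # Uploads are untrusted bytes: treat them as UTF-8 and replace invalid
  # sequences so the regexes cannot raise on binary content.
  text = bytes.dup.force_encoding(Encoding::UTF_8).scrub(' ')
  UNSAFE_UPLOAD_PATTERNS.select { |_name, pattern| text.match?(pattern) }.keys
end

def upload_content_unsafe?(bytes)
  !unsafe_upload_findings(bytes).empty?
end

# Constructed sample uploads.
SVG_WITH_SCRIPT = '<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>'
HTML_DOCUMENT   = '<html><body onload="doSomething()">hi</body></html>'
PLAIN_SVG       = '<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="4"/></svg>'
BINARY_BLOB     = "\x89PNG\r\n\x1A\n\xFF\xFE\x00\x10".b

if __FILE__ == $PROGRAM_NAME
  samples = {
    'svg with script' => SVG_WITH_SCRIPT,
    'html document'   => HTML_DOCUMENT,
    'plain svg'       => PLAIN_SVG,
    'binary blob'     => BINARY_BLOB
  }
  samples.each do |label, bytes|
    findings = unsafe_upload_findings(bytes)
    verdict = findings.empty? ? 'accept' : "reject #{findings.inspect}"
    puts "#{label}: #{verdict}"
  end
end
```

A scan like this is a blocklist, so serving user uploads with `Content-Disposition: attachment` or from a separate origin limits the impact of anything it misses.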