pylixm / django-mdeditor

Django-mdeditor is a Markdown editor plugin application for Django, based on Editor.md.
https://pypi.org/project/django-mdeditor/
GNU General Public License v3.0

Vulnerability Arbitrary Image Upload + XSS Via Image Name #151

Open jeagercoder opened 2 years ago

jeagercoder commented 2 years ago

https://github.com/pylixm/django-mdeditor/blob/master/mdeditor/views.py

1. No authentication check, so anyone can upload an image file.
2. The name of the uploaded file is not cleaned, so it is vulnerable to an XSS attack; one can upload a file with a name like: ">
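Both weak points described above, as an added example that is not django-mdeditor's code: the view refuses anonymous callers first, then derives the stored filename from an extension allow-list only, so the client-supplied name never reaches the filesystem or a page unsanitised. The function names, the extension list and the response shape are assumptions, not the project's own.

```python
import html
import os
import re
import uuid
from typing import Optional

# Assumed allow-list; the real project may accept a different set.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "webp"}
_UNSAFE_CHARS = re.compile(r"[^A-Za-z0-9_-]")


class UploadRejected(ValueError):
    """Raised when an upload fails validation."""


def safe_upload_name(original_name: str, token: Optional[str] = None) -> str:
    """Return a server-chosen filename; only the extension is taken from the client.

    Directory components (either separator) are dropped, the extension is
    checked against the allow-list, and the stem is reduced to [A-Za-z0-9_-],
    so characters such as '"', '<', '>' or '../' can never be stored.
    """
    base = os.path.basename(original_name.replace("\\", "/"))
    stem, dot, ext = base.rpartition(".")
    ext = ext.lower()
    if not dot or not stem or ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected("extension not allowed")
    hint = _UNSAFE_CHARS.sub("_", stem)[:32] or "image"
    token = token or uuid.uuid4().hex  # random suffix avoids collisions/overwrites
    return f"{hint}-{token}.{ext}"


def handle_upload(user_is_authenticated: bool, original_name: str,
                  token: Optional[str] = None) -> dict:
    """Decision logic of a hardened upload view (assumed shape).

    In a real Django view the first gate is `@login_required` or an explicit
    permission check on the view function; it is modelled here as a flag so
    the example runs without Django installed.
    """
    if not user_is_authenticated:
        return {"success": 0, "message": "authentication required"}
    try:
        name = safe_upload_name(original_name, token)
    except UploadRejected as exc:
        return {"success": 0, "message": str(exc)}
    # If the client's name is echoed at all, escape it; the stored name is the sanitised one.
    return {"success": 1, "url": f"/media/editor/{name}",
            "original": html.escape(original_name)}
```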

pylixm commented 2 years ago

@zonefteam Thank you for your reminder, I will fix it later.

Before releasing the new version, I hope everyone can check whether the problem will bring security risks to their services.

jeagercoder commented 2 years ago

Of course, because it is a security vulnerability.

1. arbitrary file upload
2. stored XSS

In our community there are some people who use django-mdeditor; after I told them, they immediately disabled the vulnerable upload feature.