[CMS-14278] It is possible to perform a XSS attack by an uploaded svg image file - Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 12.6.15, 13.4.8, 14.5.0
Component/s: None
Labels:
None

Story Points:
0.25
Processed by team:
Quasar
Sprint:
Puma Sprint 249, Puma Sprint 250

Description

Reproduction (with saas sample project, but any project will do):

Prepare a SVG image by adding an onload attribute svg element: <svg onload="alert(1);" ....
Upload the image to gallery/brxsaas/images
open the file http://localhost:8080/site/binaries/content/gallery/brxsaas/images/foo.svg

Expect: svg shown with no alert popup

Actual: alert popup displayed.

Solution: Prevent XSS attacks via onload attribute of svg images by removing it from uploaded svg files.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Michiel Eggermont (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 02/Dec/20 12:02 PM

Updated:: 15/Dec/20 3:15 PM

Resolved:: 15/Dec/20 3:15 PM