Summary
Vision Space identified another Cross-Site Scripting (malicious script) vulnerability in the file uplink page. The file destination parameter in the /upload/destination endpoint is reflected insecurely in the Events tab on FileOpenError. This allows an attacker to include a malicious script in the file name parameter that will be executed without user interaction. The impact is limited because this parameter is constrained to 40 characters in the default configuration; however, this limit can potentially be increased in different applications.
Vision Space has also documented this vulnerability as:
CWE-73: External Control of File Name or Path
Details
This vulnerability was demonstrated by sending a request to /upload/destination with the malicious script payload set as the destination path, and then uploading a non-existent file to /upload/files. The resulting FileOpenError reflects the payload into the Events tab, where it is executed.
PoC
(see above)
Impact
An adversary can inject a malicious script when uplinking a file, without the user's knowledge.