webEdition CMS
cpe:2.3:a:webedition:webedition_cms:*:*:*:*:*:*:*
- 2.9.8.8
A stored cross-site scripting vulnerability has been identified in Webedition CMS version 2.9.8.8. This vulnerability allows authenticated users to upload malicious SVG files containing embedded JavaScript. The crafted SVG files can be uploaded through the media upload feature, enabling attackers to inject and execute arbitrary scripts when the files are viewed by other users.
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected SVG file.
To reproduce this vulnerability, log into an account on Webedition CMS v2.9.8.8. Navigate to the media upload section and select the option to upload an image. Upload a malicious SVG file that contains JavaScript, such as a script that triggers an alert with the document's location. Once the file is uploaded, the injected script will execute when the SVG file is viewed by other users.