WBCE CMS
cpe:2.3:a:wbce:wbce_cms:*:*:*:*:*:*:*
- 1.6.1
A stored cross-site scripting vulnerability has been identified in WBCE CMS version 1.6.1. This issue allows authenticated attackers to inject malicious JavaScript by uploading specially crafted SVG files through the media manager. The vulnerability arises because the application does not properly sanitize SVG files before they are accessed by users. Attackers can exploit this by uploading SVG files containing script tags to a specific endpoint, which will execute the JavaScript when the file is accessed by a victim.
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected page.
To reproduce this vulnerability, upload a malicious SVG file containing JavaScript into the media manager. Once the file is uploaded, access it through the media manager, which will execute the embedded JavaScript. Alternatively, the vulnerability can be reproduced by injecting a script into a page through the WYSIWYG editor, which will also execute the JavaScript when the page is viewed.