soerennb eXtplorer
cpe:2.3:a:extplorer:extplorer:*:*:*:*:*:*:*
- <= 2.1.15
A stored cross-site scripting (XSS) vulnerability has been identified in soerennb eXtplorer versions through 2.1.15. The issue is in the Filename Handler component, where user-controlled input is not properly sanitized before being output, allowing malicious scripts to be injected. The vulnerability can be exploited remotely and requires user interaction. The injected script executes in the context of the eXtplorer origin, potentially leading to cross-user action hijacking.
Exploitation of this vulnerability allows arbitrary JavaScript to execute in the context of the affected user, with the potential for cross-user action hijacking. This includes the ability to manipulate files and directories accessed by the user and, in some cases, to modify web-served files, which could lead to server-side code execution.
To reproduce this vulnerability, upload a file with a name containing a script payload, such as an image tag with an 'onerror' event. After uploading, perform actions such as moving the file, renaming it, or editing it. Each of these actions will trigger the execution of the injected script. Alternatively, the deletion action also activates the XSS payload, although the file manager will report that the file does not exist.
Users are advised to update to the patched version of eXtplorer. The patch is available on the eXtplorer GitHub repository.
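The sketch below is an added example, not eXtplorer's code or its patch. It shows the general defence for this class of bug, encoding a filename at the point of output, next to the unencoded pattern, plus an audit helper for listings that already contain such names. All function names and the sample listing are hypothetical and constructed for illustration.

```javascript
// Added example: output-encode filenames and audit stored names (hypothetical helpers).
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const METACHAR = /[&<>"']/;            // characters with meaning in HTML text/attributes
const TAG_LIKE = /<[a-z!\/][^>]*>/i;   // substring a browser would parse as a tag

// Encode a value for an HTML text node or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// 'Before' pattern: the stored filename is concatenated into markup as-is,
// so a tag embedded in the name becomes part of the page.
function renderActionMessageUnsafe(action, filename) {
  return `<p>${action}: <b>${filename}</b></p>`;
}

// Hardened form: every dynamic value is encoded where it is written out,
// regardless of which action (move, rename, edit, delete) builds the message.
function renderActionMessage(action, filename) {
  return `<p>${escapeHtml(action)}: <b>${escapeHtml(filename)}</b></p>`;
}

// Audit a directory listing: report names that change under encoding, and
// mark those that contain tag-like markup for review.
function auditFilenames(names) {
  return names
    .filter((name) => METACHAR.test(name))
    .map((name) => ({
      name,
      kind: TAG_LIKE.test(name) ? 'markup' : 'metachar',
      encoded: escapeHtml(name),
    }));
}

// Constructed sample listing (not taken from any real installation).
const SAMPLE_LISTING = [
  'report.pdf',
  'notes (final).txt',
  '<img src=x onerror=alert(1)>.png',
  'Tom & Jerry.mp4',
];

console.log(auditFilenames(SAMPLE_LISTING));
console.log(renderActionMessage('Rename', SAMPLE_LISTING[2]));
```

Names reported as `markup` are worth reviewing on installations that ran an affected version, since the stored name persists after the application is updated.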