Juzaweb CMS Cross-Site Scripting Vulnerability in File Upload Component

A cross-site scripting (XSS) vulnerability has been identified in Juzaweb CMS versions prior to 3.4.2. The issue arises in the file manager upload functionality within the profile page component. By manipulating the upload argument, an attacker can inject malicious scripts. This vulnerability can be exploited remotely.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, create a new user and assign a role with all permissions disabled. Log in as this user and navigate to the profile page. In the 'Avatar' field, upload a malicious SVG file, bypassing the extension filters. Intercept the upload request with a proxy tool like Burp Suite, and change the 'type' parameter from 'image' to 'file' before sending the request. Although an error may be displayed, the file will be uploaded to the media library. Accessing the uploaded file will trigger the malicious payload.