FormCms Stored Cross-Site Scripting Vulnerability in Avatar Upload Feature

Vulnerability

A stored cross-site scripting vulnerability has been identified in FormCms version 0.5.5, within the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are then accessible via a public URL. When a privileged user, such as a Super Admin, accesses the file, the script executes in their browser context. This execution allows the attacker to perform unauthorized actions on behalf of the victim, such as managing users and roles or accessing sensitive application data.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where uploaded malicious scripts are executed in the context of the user who accesses the file.

Reproduction

To reproduce this vulnerability, an authenticated user can upload a .html file containing JavaScript through the avatar upload endpoint. After the file is uploaded, it is stored in a publicly accessible location. The attacker can then retrieve the public URL of the uploaded file and share it with a privileged user, who, upon accessing the link, will trigger the execution of the embedded script in their browser.

Remediation

Users can update to FormCms version 0.5.7, which addresses this vulnerability.
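For applications with a comparable avatar upload feature, the checks that close this class of bug can be sketched as follows. This is an added example, not FormCms code and not the 0.5.7 patch; the function names, the PNG/JPEG/GIF allowlist and the sample bytes are assumptions made for illustration.

```python
import secrets

# Allowlist (assumption: avatars are PNG, JPEG or GIF only):
# magic-byte prefix -> (canonical extension, Content-Type to serve with).
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": (".png", "image/png"),
    b"\xff\xd8\xff": (".jpg", "image/jpeg"),
    b"GIF87a": (".gif", "image/gif"),
    b"GIF89a": (".gif", "image/gif"),
}

# Constructed sample inputs (not taken from the advisory).
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
HTML_SAMPLE = b"<html><body>constructed sample</body></html>"


class RejectedUpload(ValueError):
    """Raised when an upload fails the avatar allowlist."""


def sniff(data: bytes):
    """Return (extension, content_type) for allowlisted image bytes, else None."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return None


def accept_avatar(client_filename: str, data: bytes) -> dict:
    """Validate an upload; return the stored name and the headers to serve it with."""
    _, dot, ext = client_filename.lower().rpartition(".")
    ext = {"jpeg": "jpg"}.get(ext, ext) if dot else ""
    kind = sniff(data)
    if kind is None:
        raise RejectedUpload("content is not a PNG, JPEG or GIF image")
    canon_ext, content_type = kind
    if "." + ext != canon_ext:
        raise RejectedUpload(f"extension .{ext} does not match content ({canon_ext})")
    return {
        # Server-chosen name: the client's filename never reaches the public path.
        "stored_name": secrets.token_hex(16) + canon_ext,
        "headers": {
            # A fixed type plus nosniff keeps the browser from rendering the bytes
            # as HTML even if a crafted file passes the magic-byte check.
            "Content-Type": content_type,
            "X-Content-Type-Options": "nosniff",
            "Content-Security-Policy": "default-src 'none'; sandbox",
        },
    }
```
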

Added: Aug 28, 2025, 3:18 PM
Updated: Aug 28, 2025, 3:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.4
exploitability: 6.3
remediation: 7.7
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.