Fiora Chat Application File Upload Vulnerability Allowing Cross-Site Scripting

Vulnerability

A file upload vulnerability has been identified in the Fiora chat application, version 1.0.0. This vulnerability arises from the application's failure to properly validate SVG file content during user avatar uploads. As a result, malicious SVG files can be uploaded and stored, containing embedded foreignObject elements with iframe tags and JavaScript event handlers. When these SVG files are rendered, the embedded JavaScript executes, potentially allowing attackers to steal user sessions and cookies, and perform unauthorized actions on behalf of users viewing the affected profiles.

Impact

Exploitation of this vulnerability allows for Cross-Site Scripting (XSS) attacks, where injected JavaScript can execute in the context of the user.

Reproduction

To reproduce this vulnerability, upload a malicious SVG file as a user avatar. The SVG file must include a foreignObject element containing an iframe with a JavaScript event handler, such as onmouseover. Once the file is uploaded, the JavaScript will execute when the avatar is rendered.
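The content validation that the advisory reports as missing can be sketched as follows. This is an added example, not code from Fiora or from the original page: it parses the uploaded avatar and accepts only an allowlist of SVG elements and attributes, so foreignObject, iframe and event-handler attributes are all refused. The function name, the allowlists, the size cap and both sample files are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Assumed allowlist for simple avatar artwork (not Fiora's own list).
ALLOWED_TAGS = {"svg", "g", "path", "rect", "circle", "ellipse", "line",
                "polyline", "polygon", "title", "desc", "defs",
                "linearGradient", "radialGradient", "stop"}
ALLOWED_ATTRS = {"id", "viewBox", "width", "height", "x", "y", "x1", "y1",
                 "x2", "y2", "cx", "cy", "r", "rx", "ry", "d", "points",
                 "fill", "stroke", "stroke-width", "opacity", "transform",
                 "offset", "stop-color", "gradientUnits"}
MAX_BYTES = 64 * 1024  # assumed size cap for an avatar

# Constructed samples: a plain avatar, and the structure the advisory describes.
BENIGN = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
          b'<circle cx="5" cy="5" r="4" fill="#39f"/></svg>')
FLAGGED = (b'<svg xmlns="http://www.w3.org/2000/svg"><foreignObject>'
           b'<iframe xmlns="http://www.w3.org/1999/xhtml" onmouseover="void 0"/>'
           b'</foreignObject></svg>')


def svg_rejection_reasons(data: bytes) -> list[str]:
    """Return why an uploaded SVG must be refused; an empty list means accept."""
    if len(data) > MAX_BYTES:
        return ["file too large"]
    try:
        text = data.decode("utf-8")  # one known encoding, so the scan below is reliable
    except UnicodeDecodeError:
        return ["not UTF-8"]
    if "<!doctype" in text.lower() or "<!entity" in text.lower():
        return ["DOCTYPE/ENTITY declarations are not allowed"]
    try:
        root = ET.fromstring(text)
    except (ET.ParseError, ValueError) as exc:
        return [f"not well-formed XML: {exc}"]
    reasons = []
    if root.tag != f"{{{SVG_NS}}}svg":
        reasons.append("root element is not <svg> in the SVG namespace")
    for el in root.iter():
        ns, _, local = el.tag.rpartition("}")
        if ns != "{" + SVG_NS or local not in ALLOWED_TAGS:
            reasons.append(f"element not allowed: {el.tag}")
        for name, value in el.attrib.items():
            if name not in ALLOWED_ATTRS:  # also covers on* handlers, style, href
                reasons.append(f"attribute not allowed: {name}")
            elif "url(" in value.lower() and not value.strip().lower().startswith("url(#"):
                reasons.append(f"external reference in {name}")
    return reasons
```

Run the check on the server before the file is stored, and treat any non-empty result as a refusal rather than attempting to repair the file.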

Added: Oct 1, 2025, 4:17 PM
Updated: Oct 1, 2025, 4:17 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.8
exploitability: 6.3
remediation: 0.0
relevance: 0.6
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.