MetInfo CMS Stored Cross-Site Scripting Vulnerability in Download Management Module

A stored Cross-Site Scripting (XSS) vulnerability exists in MetInfo CMS version 8.0, specifically within the download management module. The issue arises in the component responsible for handling downloads, where attackers can upload malicious SVG files embedded with JavaScript. This JavaScript executes when the file is accessed by users.

Impact

Exploitation of this vulnerability allows for the execution of arbitrary JavaScript in the context of the user viewing the file, which could include administrators. This could lead to the theft of sensitive information such as session cookies and authentication tokens, unauthorized actions being performed on behalf of the user, and potential escalation to more severe attacks by chaining with other vulnerabilities.

Reproduction

To reproduce this vulnerability, upload a malicious SVG file containing JavaScript into the download management module of MetInfo CMS 8.0. After the file is uploaded, the JavaScript will execute automatically when the file is accessed.

Remediation

Users are advised to update MetInfo CMS to a version that addresses this vulnerability. If no update is available, consider implementing a Content Security Policy (CSP) that prevents the execution of scripts from uploaded files, and serve SVG files with a MIME type that disables script execution.