MetInfo CMS Stored Cross-Site Scripting Vulnerability in Column Management Module

A stored Cross-Site Scripting (XSS) vulnerability exists in MetInfo CMS version 8.0, specifically within the column management module. The issue arises in the 'app\system\column\admin\index.class.php' component, where attackers can upload malicious SVG files embedded with JavaScript. This script executes when the file is accessed by users.

Impact

Exploitation of this vulnerability allows for the execution of arbitrary JavaScript in the context of the user's browser, including administrators. This could lead to the theft of sensitive information such as session cookies and authentication tokens, unauthorized actions on behalf of users, and potential escalation to more severe attacks by chaining with other vulnerabilities.

Reproduction

To reproduce this vulnerability, upload a malicious SVG file containing JavaScript into the column management module. Once the file is uploaded, the embedded JavaScript will execute when the file is accessed, demonstrating the stored XSS vulnerability.

Remediation

To address this vulnerability, MetInfo CMS should implement proper validation and sanitization of SVG files during the upload process, convert SVGs to safer image formats, and apply Content Security Policy headers to prevent script execution from uploaded files.