Umbraco CMS Arbitrary File Upload Vulnerability Allowing Code Execution

Vulnerability

A vulnerability allowing arbitrary file upload has been identified in Umbraco CMS version 16.3.3. The media upload feature accepts PDF files without inspecting or stripping the active content a PDF can carry, so an authenticated user with media upload rights can upload a PDF whose document action (for example its open action) runs embedded JavaScript. When the uploaded file is served back from the Umbraco site and opened, that JavaScript executes in the context of the viewing user's browser, which is a stored cross-site scripting condition. Exploitability depends on how the file is served (inline, from the site's own origin) and on the victim's PDF viewer, since browsers differ in how much PDF JavaScript they execute and in which origin it runs.

Impact

Exploitation of this vulnerability allows for the execution of arbitrary JavaScript in the context of the victim's browser, creating a stored cross-site scripting condition. This could result in session hijacking, unauthorized actions, exposure of sensitive information, and abuse of trusted user interactions within Umbraco CMS.

Reproduction

To reproduce this vulnerability, log into the Umbraco backoffice with an account that can upload media and open the Media section. Upload a crafted PDF file that carries embedded JavaScript, for example in its document open action. Once stored, the file is reachable at the media URL Umbraco generates for it; opening that URL in a browser that executes PDF JavaScript runs the embedded script, demonstrating the stored cross-site scripting condition.
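The following Python script is an added example written for this page; it is not code from Umbraco or from the advisory. It builds a constructed minimal PDF carrying an /OpenAction JavaScript action of the kind the reproduction describes, a benign twin without the action, and a server-side pre-upload check that rejects files containing script or action names, including names hidden behind PDF #xx hex escapes. The payload text, the list of rejected names and the function names are illustrative assumptions, not Umbraco's own.

```python
import re

# Constructed sample (not from the advisory): a minimal PDF whose catalog
# carries an /OpenAction pointing at a JavaScript action, so the script runs
# as soon as a viewer that supports PDF JavaScript opens the document.
# The xref table is omitted; viewers reconstruct it, and the scan below
# does not need it.
MALICIOUS_PDF = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] >> endobj
4 0 obj << /S /JavaScript /JS (app.alert('stored xss via media upload')) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# The same document with the action removed; this is what an ordinary PDF
# upload looks like to the check below.
BENIGN_PDF = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# PDF dictionary keys that introduce script or action execution. /OpenAction
# and /AA can also hold harmless GoTo actions, so rejecting them is a
# deliberately conservative policy for a CMS media library (assumed policy).
ACTIVE_CONTENT_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch")


def _decode_name_escapes(data: bytes) -> bytes:
    """Undo #xx hex escapes in PDF names so /J#61vaScript is seen as /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def find_active_content(data: bytes) -> list[str]:
    """Return the unsafe names found in a PDF byte string (empty list = clean)."""
    if not data.startswith(b"%PDF-"):
        return ["not-a-pdf"]
    text = _decode_name_escapes(data)
    hits = []
    for name in ACTIVE_CONTENT_NAMES:
        # A name token ends at whitespace or a delimiter; the lookahead stops
        # /JS from matching inside an unrelated longer name.
        if re.search(re.escape(name.encode()) + rb"(?![A-Za-z0-9])", text):
            hits.append(name)
    # Object streams (/ObjStm) hold compressed dictionaries this byte scan
    # cannot see; such files need inflating or a full parser, not trust.
    if re.search(rb"/Type\s*/ObjStm\b", text):
        hits.append("objstm-needs-full-parse")
    return sorted(hits)


def is_upload_allowed(data: bytes) -> bool:
    """Server-side gate to run before the file is persisted to the media library."""
    return find_active_content(data) == []


if __name__ == "__main__":
    for label, pdf in (("malicious", MALICIOUS_PDF), ("benign", BENIGN_PDF)):
        verdict = "allowed" if is_upload_allowed(pdf) else "rejected"
        print(label, verdict, find_active_content(pdf))
```

Run it directly to see the malicious sample rejected and the benign one accepted. The byte scan is a first line of defence only: a PDF that packs its catalog into an object stream is flagged for a full parse rather than waved through, and the durable fix is to serve uploaded media with Content-Disposition: attachment or from a separate origin, so that even a viewer that does execute PDF JavaScript does not run it in the CMS's origin.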

Added: Dec 22, 2025, 7:17 PM
Updated: Dec 22, 2025, 7:17 PM

Vulnerability Rating

Custom Algorithm
spread: 6.4
impact: 5.4
exploitability: 6.5
remediation: 0.0
relevance: 1.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.