jshERP Stored Cross-Site Scripting Vulnerability
Vulnerability
A stored cross-site scripting vulnerability has been identified in jshERP versions through 3.5. This issue allows attackers to upload PDF files containing XSS payloads, which can then be accessed via static URLs available to all users.
Impact
Exploitation results in stored cross-site scripting: the XSS payload in an uploaded PDF file executes when a user accesses the file.
Reproduction
To reproduce this vulnerability, upload a PDF file containing a malicious XSS payload through the '/systemConfig/upload' endpoint. Once the file is uploaded, access the static URL of the PDF to trigger the XSS payload. This URL is accessible to all users, increasing the risk of exploitation.
Remediation
It is recommended to remove support for PDF file uploads entirely, as they are not necessary for the website's functionality. If PDF uploads must be allowed, implement validation to check for and remove any malicious XSS payloads before the files are accepted.
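One way to implement the upload validation recommended above, as an added example that is not jshERP's own code: a Python check that rejects a PDF whose raw bytes or Flate-compressed streams contain script or auto-action names. The function names and sample byte strings are assumptions constructed for illustration, and the check rejects the file rather than trying to strip the payload.

```python
import re
import zlib

# PDF name tokens that introduce script or automatically triggered actions.
ACTIVE_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch")
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)

def decode_names(data: bytes) -> bytes:
    """Undo #xx escapes so that /J#61vaScript is seen as /JavaScript."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)

def inflated_streams(data: bytes):
    """Yield Flate-compressed stream bodies; object streams can hold dictionaries."""
    for match in STREAM.finditer(data):
        try:
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # not Flate data, or a filter this check does not handle

def find_active_content(data: bytes) -> set:
    """Return the active-content names present in the raw or inflated bytes."""
    found = set()
    for chunk in [data, *inflated_streams(data)]:
        decoded = decode_names(chunk)
        for name in ACTIVE_NAMES:
            # Require a delimiter after the name so /JS does not match /JSomething.
            if re.search(re.escape(name) + rb"(?![A-Za-z0-9])", decoded):
                found.add(name.decode())
    return found

def accept_upload(data: bytes) -> bool:
    """Fail closed: accept only PDF data with no active-content names."""
    return data.startswith(b"%PDF-") and not find_active_content(data)

# Constructed sample inputs (fragments for the check, not complete documents).
CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
ESCAPED = b"%PDF-1.4\n1 0 obj\n<< /S /J#61vaScript /J#53 (placeholder) >>\nendobj\n"
PACKED = (b"%PDF-1.5\n4 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
          + zlib.compress(b"<< /OpenAction 5 0 R >>") + b"\nendstream\nendobj\n")

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("escaped", ESCAPED), ("packed", PACKED)):
        print(label, accept_upload(sample), sorted(find_active_content(sample)))
```

The scan does not cover encrypted documents or stream filters other than Flate, so it is a screening step; removing PDF upload support, as recommended above, avoids the problem entirely.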
