oitcode Samarium Unrestricted File Upload Vulnerability Allowing Stored Cross-Site Scripting
Vulnerability
A critical stored cross-site scripting vulnerability has been identified in oitcode Samarium versions through 0.9.6. The issue arises in the Create Product Page component, specifically in the file '/dashboard/product'. The product image upload does not restrict file types, so an attacker can upload a malicious SVG file containing JavaScript. The script runs in the browser of anyone who views the image, including visitors who are not authenticated.
Impact
Exploitation of this vulnerability results in stored cross-site scripting: the injected script executes in the context of whichever user views the image. This could lead to session hijacking if the script exfiltrates session cookies.
Reproduction
To reproduce this vulnerability, upload a crafted SVG file containing JavaScript through the product image upload feature. Once the file is uploaded, the product appears on the main product listing page, where the uploaded image executes the embedded script.
Remediation
It is recommended to block SVG uploads or sanitize SVG content on the server side using tools like DOMPurify. Additionally, implementing a MIME type check and file content validation can help mitigate this vulnerability. The content check should be based on the bytes of the uploaded file rather than the client-supplied filename extension or Content-Type header, both of which an attacker controls.
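One way to implement the MIME and content check described above, as an added example that is not Samarium's own code: the validator identifies the image type from its magic bytes, rejects SVG and other markup regardless of the declared type or extension, and assigns a server-chosen filename. The function and constant names are assumptions.

```python
"""Server-side upload check for a product image form (added example).
Accepts only raster images whose bytes match a known signature and
rejects SVG/markup no matter what the request declares."""
from dataclasses import dataclass
from typing import Optional

# Magic-byte signatures of the raster formats we are willing to store.
_SIGNATURES = {
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}
_EXTENSIONS = {"image/png": "png", "image/jpeg": "jpg", "image/gif": "gif"}
MAX_BYTES = 5 * 1024 * 1024

@dataclass
class Verdict:
    accepted: bool
    reason: str
    content_type: str = ""
    stored_name: str = ""  # server-chosen; the client filename is never reused

def detect_type(data: bytes) -> Optional[str]:
    """Identify the image type from its leading bytes, not the filename."""
    for ctype, sigs in _SIGNATURES.items():
        if any(data.startswith(s) for s in sigs):
            return ctype
    return None

def validate_upload(data: bytes, declared_type: str, storage_id: str) -> Verdict:
    if len(data) > MAX_BYTES:
        return Verdict(False, "too large")
    head = data[:1024].lstrip().lower()
    # Markup check first: catches .svg, XML-wrapped SVG and HTML even when the
    # request declares image/png or the file was renamed to .png.
    if head.startswith((b"<?xml", b"<svg", b"<!doctype", b"<html")) or b"<svg" in head:
        return Verdict(False, "SVG/markup content is not allowed")
    ctype = detect_type(data)
    if ctype is None:
        return Verdict(False, "unrecognised image signature")
    if declared_type.lower() != ctype:
        return Verdict(False, f"declared {declared_type}, content is {ctype}")
    return Verdict(True, "ok", ctype, f"{storage_id}.{_EXTENSIONS[ctype]}")

# Constructed samples for offline testing: a bare PNG header and a plain SVG.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_SVG = b'<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg"><text>x</text></svg>'
```

Pair this with storing uploads under the generated name only, so the original filename never reaches the filesystem or a URL.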