Oitcode Samarium Cross-Site Scripting Vulnerability in Pages Image Handler
Vulnerability
A stored cross-site scripting (XSS) vulnerability has been identified in Oitcode Samarium Business Management System, all versions through 0.9.6. The issue lies in the Pages Image Handler component, reached through the '/cms/webpage/' endpoint. The image upload accepts SVG files without rejecting or stripping embedded JavaScript, and the uploaded file is served back under the application's own origin, so the script runs in the browser of anyone who opens the image, including visitors who are not authenticated.
Impact
Exploitation results in stored cross-site scripting: the injected script runs in the victim's browser under the application's origin, with access to whatever the victim's session can reach. If the session cookie is not marked HttpOnly it can be exfiltrated directly, leading to session hijacking; even when it is, the script can still issue requests that carry the victim's credentials and so act as the logged-in user.
Reproduction
To reproduce, upload an SVG file containing a <script> element (or an event-handler attribute such as onload) through the image upload feature in '/cms/webpage/'. The file is stored under '/gallery/' and can be requested directly from there. Opening that gallery URL in a browser renders the SVG as a document and the embedded JavaScript executes in the application's origin. The script does not run when the same file is merely embedded with an <img> tag; it is the direct URL that makes this exploitable, and it is also why an unauthenticated visitor can be targeted simply by being sent the link.
Remediation
It is recommended to block SVG uploads entirely, which is the simplest fix for an application that only needs raster images, or to sanitize SVG content on the server before it is stored. DOMPurify can do this with its SVG profile, but it is a browser-side library and needs a DOM implementation such as jsdom to run on the server; the sanitization must happen at upload time and must not be delegated to the client. Validate uploads independently of the browser-supplied MIME type and file extension by inspecting the actual bytes, and regenerate the stored filename server-side. Finally, serve user-uploaded files from a separate, cookie-less origin, or, if they must remain on the application domain, send them with X-Content-Type-Options: nosniff and a Content-Security-Policy that sandboxes the response, so that even an SVG that slips through cannot execute script in the application's origin. Serving every download with a generic Content-Type (application/octet-stream) and Content-Disposition: attachment also prevents execution, at the cost of the files no longer displaying inline.
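The following is an added example of the upload gate and response headers described above. It is not Samarium's own code and makes no use of its API; it is a standalone, stdlib-only Python module with constructed sample files (one benign icon and two SVGs of the shape this advisory describes). The detection list, the decision to refuse DOCTYPE declarations, and the header set are policy choices assumed here, not something the page specifies.

```python
"""Added example (not Samarium's code): server-side gate for image uploads
and the headers a gallery route should send. Stdlib only; samples are constructed."""
import re
import xml.etree.ElementTree as ET

# Magic bytes for the raster formats a page-image upload legitimately needs.
MAGIC = {
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}
EXT_FOR = {"image/png": {"png"}, "image/jpeg": {"jpg", "jpeg"},
           "image/gif": {"gif"}, "image/svg+xml": {"svg"}}

# An <svg> root, optionally preceded by a BOM, XML declaration, comments and a DOCTYPE.
_SVG_START = re.compile(
    rb"^(\xef\xbb\xbf)?\s*(<\?xml[^>]*\?>\s*)?(<!--.*?-->\s*)*"
    rb"(<!DOCTYPE[^\[>]*(\[.*?\])?[^>]*>\s*)?<svg[\s>]", re.S)
# href values that execute or smuggle a document instead of pointing at a resource.
_URL_SCHEME = re.compile(r"^\s*(javascript|data|vbscript)\s*:", re.I)
# Elements that run script or can rewrite attributes (e.g. <set> pointing href at javascript:).
ACTIVE_ELEMENTS = {"script", "foreignobject", "set", "animate",
                   "animatetransform", "animatemotion", "handler"}


def sniff_type(data: bytes):
    """Identify an upload by its bytes; the browser-supplied MIME type is untrusted."""
    for mime, magics in MAGIC.items():
        if data.startswith(magics):
            return mime
    if _SVG_START.match(data[:4096]):
        return "image/svg+xml"
    return None


def _local(name: str) -> str:
    """ElementTree gives '{namespace}tag'; keep the lowercase local part only."""
    return name.rsplit("}", 1)[-1].lower()


def svg_active_content(data: bytes) -> list:
    """Return a list of reasons the SVG would execute script when opened directly."""
    lowered = data.lower()
    if b"<!doctype" in lowered or b"<!entity" in lowered:
        # Policy: no DTDs. Avoids entity-expansion attacks on the parser and the
        # need for defusedxml; uploaded icons do not need one.
        return ["DTD/entity declaration not accepted"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    findings = []
    if _local(root.tag) != "svg":
        findings.append("root element is not <svg>")
    for el in root.iter():
        tag = _local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append("<%s> element" % tag)
        for attr, value in el.attrib.items():
            name = _local(attr)  # handles both href and xlink:href
            if name.startswith("on"):
                findings.append("event handler %s= on <%s>" % (name, tag))
            elif name == "href" and _URL_SCHEME.match(value):
                findings.append("%s=%r on <%s>" % (name, value.strip()[:30], tag))
    return findings


def check_upload(filename: str, declared_mime: str, data: bytes, allow_svg: bool = False):
    """Return (accepted, reason). Name, declared type and bytes must all agree."""
    sniffed = sniff_type(data)
    if sniffed is None:
        return False, "unrecognised image format"
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in EXT_FOR[sniffed]:
        return False, "extension .%s does not match content %s" % (ext, sniffed)
    if declared_mime.split(";")[0].strip().lower() != sniffed:
        return False, "declared %s does not match content %s" % (declared_mime, sniffed)
    if sniffed == "image/svg+xml":
        if not allow_svg:
            return False, "SVG uploads are disabled"
        findings = svg_active_content(data)
        if findings:
            return False, "SVG contains active content: " + "; ".join(findings)
    return True, sniffed


def download_headers(mime: str) -> dict:
    """Headers for the route that serves stored uploads (better still, a separate
    cookie-less origin). nosniff pins the type; the CSP sandbox renders even a
    directly opened SVG without script; attachment makes a navigated-to SVG a
    download while <img> embedding, which ignores Content-Disposition, still works."""
    headers = {
        "Content-Type": mime,
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "sandbox; default-src 'none'; "
                                   "style-src 'unsafe-inline'; img-src data:",
    }
    if mime == "image/svg+xml":
        headers["Content-Disposition"] = "attachment"
    return headers


# Constructed samples: a plain icon, an inline <script>, and a script-free variant
# using a javascript: link plus an onload handler.
BENIGN_SVG = (b'<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg" '
              b'width="8" height="8"><circle cx="4" cy="4" r="3" fill="#09f"/></svg>')
SCRIPT_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg">'
              b'<script>alert(document.domain)</script></svg>')
HANDLER_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
               b'<a xlink:href="javascript:alert(1)"><rect width="9" height="9" onload="alert(2)"/></a></svg>')
PNG_STUB = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # header only, enough to sniff

if __name__ == "__main__":
    for name, mime, blob in [("icon.svg", "image/svg+xml", BENIGN_SVG),
                             ("icon.svg", "image/svg+xml", SCRIPT_SVG),
                             ("icon.svg", "image/svg+xml", HANDLER_SVG),
                             ("logo.png", "image/png", SCRIPT_SVG)]:
        print(name, check_upload(name, mime, blob, allow_svg=True))
```

Running the module shows the benign icon accepted and the other three rejected: the two payloads because of active content, and the SVG-disguised-as-PNG because the sniffed type disagrees with the extension. With the default allow_svg=False every SVG is refused outright, which is the recommended setting.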
