FlintSH Flare Stored Cross-Site Scripting Vulnerability
Vulnerability
A stored Cross-Site Scripting (XSS) vulnerability has been identified in FlintSH Flare versions through 1.7.0. The issue arises from inadequate content validation and sanitization, allowing users to upload files containing malicious JavaScript, particularly within SVGs or other active content formats such as HTML or XML. When these files are viewed in 'raw' mode, the embedded scripts execute in the context of the application's origin, potentially leading to the exfiltration of user data.
Impact
Exploitation of this vulnerability allows injected scripts to execute in the context of the application's origin when the file is viewed in 'raw' mode. This could be used to exfiltrate user data, such as cookies or session information, and could also allow an attacker to perform actions on behalf of authenticated users.
Reproduction
To reproduce this vulnerability, log into the application with a valid account and upload a file containing embedded JavaScript, such as an SVG file with a script payload. After uploading, share the link to the file with a victim. When the victim opens the link and clicks the 'Raw' button, the JavaScript executes in their browser, sending data to an attacker-controlled server.
Remediation
Users can update to FlintSH Flare version 1.7.1 or later, where this vulnerability has been patched.
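A defence-in-depth check for the 'raw' view, added here as an example that is not Flare's own code or the 1.7.1 patch: it classifies an uploaded file as active content by extension, declared MIME type and a sniff of its first bytes, and returns response headers that make such files download as plain text under a sandboxing CSP instead of rendering in the application's origin. The function names, the header set and the sample inputs are assumptions.

```javascript
// Added example (not Flare's code): choose response headers for a "raw" file view
// so that user-uploaded active content (SVG/HTML/XML) never executes in the
// application's origin. Assumes the handler already knows the stored filename,
// the declared MIME type and the first bytes of the file (string or Uint8Array).

const ACTIVE_EXTENSIONS = new Set([
  'svg', 'svgz', 'html', 'htm', 'xhtml', 'xml', 'xsl', 'xslt', 'mht', 'mhtml',
]);
const ACTIVE_MIME_PATTERN =
  /^(text\/html|application\/xhtml\+xml|image\/svg\+xml|text\/xml|application\/xml|application\/.*\+xml)\b/i;
// Markup-looking prefixes: a file renamed to .txt or .png can still open like a document.
const ACTIVE_SNIFF_PATTERN = /^\s*(<\?xml|<!doctype\s+(html|svg)|<svg\b|<html\b|<script\b)/i;

function isActiveContent(filename, declaredMime, head) {
  const ext = filename.toLowerCase().split('.').pop();
  if (ACTIVE_EXTENSIONS.has(ext)) return true;
  if (ACTIVE_MIME_PATTERN.test(declaredMime || '')) return true;
  // Sniff only the first 1 KiB; decode bytes one-to-one so no multibyte decoding is involved.
  const text = typeof head === 'string'
    ? head.slice(0, 1024)
    : String.fromCharCode(...head.subarray(0, 1024));
  return ACTIVE_SNIFF_PATTERN.test(text);
}

function rawViewHeaders(filename, declaredMime, head) {
  const headers = {
    // Stop the browser from second-guessing the declared type.
    'X-Content-Type-Options': 'nosniff',
    // Even if a script did run, a sandboxed CSP denies it the document's origin.
    'Content-Security-Policy': "sandbox; default-src 'none'",
  };
  const safeName = encodeURIComponent(filename);
  if (isActiveContent(filename, declaredMime, head)) {
    // Active content is delivered as a plain-text download, never rendered inline.
    headers['Content-Type'] = 'text/plain; charset=utf-8';
    headers['Content-Disposition'] = `attachment; filename*=UTF-8''${safeName}`;
  } else {
    headers['Content-Type'] = declaredMime || 'application/octet-stream';
    headers['Content-Disposition'] = `inline; filename*=UTF-8''${safeName}`;
  }
  return headers;
}
```

Serving uploads from a separate, cookie-less origin remains the stronger fix; these headers limit the damage when the raw view stays on the main origin.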
