DbGate Stored Cross-Site Scripting Vulnerability in SVG Icon Handling
Vulnerability
A stored cross-site scripting vulnerability has been identified in DbGate versions through 7.1.4. The issue arises in the SVG Icon String Handler component, specifically within the FontIcon.svelte file. The vulnerability allows attacker-controlled SVG icon strings to be rendered as raw HTML without proper sanitization. This flaw can be exploited remotely, executing scripts in the context of the affected user.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected application or database entry. In the Electron desktop version of DbGate, this can escalate to local code execution, as the application is configured to allow access to Node.js and Electron APIs.
Reproduction
To reproduce this vulnerability, create an application definition that includes a malicious SVG icon string in the applicationIcon field. This can be done by saving a JSON file with the injected SVG payload, which will then be executed as a script when the corresponding database or application entry is viewed.
Remediation
Users are advised to upgrade to DbGate version 7.1.5, which addresses this vulnerability by adding SVG icon sanitization.
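The advisory describes the 7.1.5 fix only as "adding SVG icon sanitization". The following is an added, illustrative example (not DbGate's code) of the defensive shape such a fix takes: a fail-closed allowlist check applied to the applicationIcon string before it reaches a raw-HTML sink, assumed here to be Svelte's {@html} directive in FontIcon.svelte; the tag and attribute allowlists and the length limit are assumptions chosen for simple icons.

```javascript
// Fail-closed validator for untrusted SVG icon strings (added example, not DbGate code).
// Anything not provably a plain icon is rejected rather than "cleaned".
const ALLOWED_TAGS = new Set([
  'svg', 'g', 'path', 'circle', 'rect', 'line', 'polyline', 'polygon', 'ellipse', 'title',
]);
const ALLOWED_ATTRS = new Set([
  'xmlns', 'viewbox', 'width', 'height', 'fill', 'stroke', 'stroke-width', 'd', 'cx', 'cy',
  'r', 'rx', 'ry', 'x', 'y', 'x1', 'y1', 'x2', 'y2', 'points', 'class', 'transform',
  'stroke-linecap', 'stroke-linejoin', 'fill-rule', 'clip-rule', 'opacity',
]);

// Matches one well-formed open, close or self-closing tag with simple attributes.
const TAG_RE = /<\/?([A-Za-z][\w:-]*)((?:\s+[^\s=>\/"']+(?:\s*=\s*(?:"[^"<]*"|'[^'<]*'|[^\s"'>]+))?)*)\s*\/?>/g;
const ATTR_RE = /([^\s=\/"']+)(?:\s*=\s*("[^"]*"|'[^']*'|[^\s"'>]+))?/g;

function isSafeSvgIcon(icon) {
  // Length cap is an assumption: icons are small, and it bounds regex work.
  if (typeof icon !== 'string' || icon.length > 4096) return false;
  // Comments, processing instructions, CDATA, DOCTYPE and entity references
  // have no place in an icon and are common obfuscation carriers: reject.
  if (/<[!?]|&/.test(icon)) return false;
  let ok = true;
  const rest = icon.replace(TAG_RE, (_m, name, attrs) => {
    if (!ALLOWED_TAGS.has(name.toLowerCase())) ok = false;
    for (const [, aname, value = ''] of attrs.matchAll(ATTR_RE)) {
      const n = aname.toLowerCase();
      // Event handlers, href/xlink:href and style are never on the allowlist;
      // the explicit on* check is defence in depth if the list is ever widened.
      if (!ALLOWED_ATTRS.has(n) || n.startsWith('on')) ok = false;
      if (/javascript:|data:|url\(/i.test(value)) ok = false;
    }
    return '';
  });
  // Whatever the tag regex could not consume must be plain text; a stray
  // '<' or '>' means malformed markup (e.g. "<svg/onload=...>"), so reject.
  if (/[<>]/.test(rest)) ok = false;
  return ok;
}

// What a component should hand to its raw-HTML sink: the validated icon, or nothing.
function iconHtmlOrFallback(icon) {
  return isSafeSvgIcon(icon) ? icon : '';
}
```

Because the check rejects instead of rewriting, a legitimate icon that uses an element outside the allowlist simply fails to render, which is the safe failure mode for a field that anyone who can write an application definition controls.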
