wpvulndb | Rayhan Ramdhany Hanaputra | WPVDB-ID: 7A3B89CC-7A81-448A-94FC-36A7033609D5
History: May 24, 2024 - 12:00 a.m.

SVGMagic <= 1.1 - Stored XSS via SVG Upload

2024-05-24 00:00:00
Rayhan Ramdhany Hanaputra
wpscan.com
Tags: svgmagic plugin, stored xss, svg upload, author role, media page, malicious javascript

AI Score: 5.5 Medium (Confidence: High)

Description: The plugin does not sanitize SVG file contents, which enables users with at least the Author role to upload SVG files containing malicious JavaScript and conduct Stored XSS attacks.

PoC

1. Create an SVG file with the malicious payload within it. Example SVG file: https://github.com/codesecure-org/xss-svg/blob/main/1.svg?short_path=97b023c
2. As a user with the Author role, go to the "Media" page and upload the SVG file.
3. Access the uploaded file directly.
4. You will see the XSS.
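The server-side content check that the description says the plugin lacks, shown here as an added illustration (not SVGMagic's own code, which is PHP); the function names and the sample SVGs are constructed for this example and flag the vectors the advisory names: inline script, event-handler attributes, and javascript: URLs.

```python
import re
import xml.etree.ElementTree as ET

# Elements that can run script or embed non-SVG content inside an SVG.
SCRIPT_TAGS = {"script", "foreignobject"}
# A javascript: URL, allowing leading whitespace and mixed case.
JS_URL = re.compile(r"^\s*javascript\s*:", re.IGNORECASE)


def _local(name: str) -> str:
    """Strip an ElementTree namespace prefix: '{ns}href' -> 'href'."""
    return name.rsplit("}", 1)[-1].lower()


def find_svg_script_risks(svg_bytes: bytes) -> list[str]:
    """List script vectors found in an SVG upload (empty list = none found).

    Flags <script>/<foreignObject>, on* event-handler attributes and
    javascript: URLs in href/xlink:href. Unparseable input is itself a
    finding: a file the checker cannot parse must not be served as image/svg+xml.
    """
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"unparseable XML: {exc}"]
    findings = []
    for elem in root.iter():
        tag = _local(elem.tag)
        if tag in SCRIPT_TAGS:
            findings.append(f"element <{tag}>")
        for attr, value in elem.attrib.items():
            name = _local(attr)
            if name.startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            elif name == "href" and JS_URL.match(value):
                findings.append(f"javascript: URL in {name} on <{tag}>")
    return findings


def is_safe_svg_upload(svg_bytes: bytes) -> bool:
    """Upload-time gate: accept only SVGs with no findings."""
    return not find_svg_script_risks(svg_bytes)


# Constructed samples (hypothetical, not from the advisory).
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
UNSAFE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)">'
              b'<script>alert(1)</script></svg>')
```

A deny-list like this covers the vectors named in the advisory; for production, an allow-list sanitizer that rebuilds the SVG from known-safe elements and attributes is stronger, and serving uploads under a restrictive Content-Security-Policy limits impact either way.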
