Medium

lollms

Remote Code Execution via Stored XSS in SVG Image Upload

A stored XSS vulnerability in the SVG image upload function of Lollms (version 9.9) allows for remote code execution. This issue was patched in version 9.9.

Available publicly on Oct 08 2024

Threat Overview

The vulnerability arises from incomplete filtering in the sanitize_svg function, which does not fully sanitize uploaded SVG files. An attacker can therefore embed JavaScript in an SVG file, and that script runs when an authorized user opens the URL of the uploaded SVG. The injected script can send HTTP requests on the victim's behalf that cause the server to execute commands, leading to remote code execution.
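As an added illustration of the mitigation (this is not lollms's sanitize_svg and not the project's code), the sanitizer below parses the SVG with an XML parser instead of filtering by pattern, drops script-bearing elements as whole subtrees, and strips event-handler attributes and script-scheme URIs. The sample document is constructed for the example; the tag and attribute lists are assumptions meant to be extended, not an exhaustive allowlist.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)
ET.register_namespace("xlink", XLINK_NS)

# Elements that can carry script or embed foreign active content (assumed list, extend as needed).
BLOCKED_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}
# Attributes that hold a URI; their scheme must be checked, not just the attribute name.
URI_ATTRS = {"href", f"{{{XLINK_NS}}}href"}

def _local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tag and attribute names."""
    return name.rsplit("}", 1)[-1]

def _dangerous_uri(value):
    """True for javascript:/data:/vbscript: URIs, after removing whitespace tricks like 'java\\nscript:'."""
    scheme = "".join(value.split()).lower()
    return scheme.startswith(("javascript:", "data:", "vbscript:"))

def sanitize_svg_strict(svg_text):
    """Return svg_text with active content removed, using a real XML parser rather than regexes."""
    root = ET.fromstring(svg_text)  # ParseError on malformed input; stdlib expat does not fetch external entities
    if _local(root.tag) != "svg":
        raise ValueError("not an SVG document")
    # Pass 1: remove blocked elements with their whole subtree. list() so removals do not disturb iteration.
    for parent in list(root.iter()):
        for child in list(parent):
            if _local(child.tag) in BLOCKED_TAGS:
                parent.remove(child)
    # Pass 2: drop event-handler attributes (on*) and URI attributes with a script-capable scheme.
    for el in root.iter():
        for attr in list(el.attrib):
            if _local(attr).lower().startswith("on") or (attr in URI_ATTRS and _dangerous_uri(el.attrib[attr])):
                del el.attrib[attr]
    return ET.tostring(root, encoding="unicode")

# Constructed sample (not a real upload): a script element, event handlers and a javascript: link.
SAMPLE = (
    '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">'
    '<script>alert(1)</script>'
    '<a xlink:href="javascript:alert(1)"><circle r="10" onclick="alert(1)"/></a>'
    '<rect width="5" height="5"/></svg>'
)

if __name__ == "__main__":
    print(sanitize_svg_strict(SAMPLE))
```

Sanitizing is one layer; serving uploads with `Content-Disposition: attachment` or from a separate origin stops a browser from executing any script that slips through when the SVG URL is opened directly.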

Attack Scenario

An attacker uploads a malicious SVG file containing JavaScript to the discussion page. When an authorized user accesses the URL of the uploaded SVG, the malicious script executes, sending a request to the server to run a command. This results in the attacker gaining control over the server or executing arbitrary commands.

Who is affected

Users of the Lollms application who upload or view SVG files, particularly those with administrative or elevated privileges, are affected by this vulnerability.
