Headline
GHSA-6xmx-85x3-4cv2: Stored XSS via SVG File Upload
Impact
A user with access to the backoffice can upload SVG files that include scripts. If that user can trick another user into loading the media directly in a browser, the scripts execute in the origin of the site serving the file. Scripts in an SVG run only when the browser loads it as a document (a direct link, or an iframe/object/embed); an SVG referenced from an img tag or from CSS does not run script, which is why the victim has to open the media URL itself.
Workaround
Implement server-side file validation, as described at https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation, so that SVG uploads containing active content are refused,
or
Serve all media from a different host (e.g. a CDN) than the one where Umbraco is hosted, so that any script in an uploaded SVG runs in the media host's origin and cannot reach the backoffice session or cookies.
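The first workaround in working code, as an added example that is not part of this advisory or of Umbraco's own code base. The `IFileStreamSecurityValidator` interface, its `IsConsideredSafe(Stream)` method and the `FileStreamSecurityValidators()` registration are taken from the server-side file validation page linked above as recalled here and are assumptions to check against that page for your version; everything else is plain .NET. The validator shows what an SVG check needs to refuse: `<script>`, `<foreignObject>` and any XHTML content, `on*` event-handler attributes, and `javascript:` URIs in any attribute, including the `to`/`values` of `<set>`/`<animate>`, which can rewrite an `href` after load. It also parses with DTD processing and external resolution switched off so the check itself cannot be turned into an XXE or entity-expansion problem.

```csharp
using System;
using System.IO;
using System.Xml;
using Umbraco.Cms.Core.Composing;
using Umbraco.Cms.Core.DependencyInjection;
using Umbraco.Cms.Core.Security; // IFileStreamSecurityValidator (name assumed from the linked docs)

// Added example, not Umbraco code: refuse any uploaded XML/SVG document that carries
// active content. Umbraco calls every registered validator for every upload, so files
// that are not XML at all are passed through for the other validators to judge.
public class SvgNoScriptValidator : IFileStreamSecurityValidator
{
    private const string XhtmlNs = "http://www.w3.org/1999/xhtml";

    public bool IsConsideredSafe(Stream fileStream)
    {
        if (!fileStream.CanSeek)
            return false; // cannot inspect and rewind: refuse rather than consume the upload
        long start = fileStream.Position;
        try { return IsSvgWithoutActiveContent(fileStream); }
        finally { fileStream.Position = start; } // leave the stream as found for later consumers
    }

    internal static bool IsSvgWithoutActiveContent(Stream stream)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Ignore, // skip DOCTYPE (Inkscape/Illustrator emit one); entity refs then fail below
            XmlResolver = null,                   // never fetch external DTDs or entities (XXE)
            IgnoreComments = true,
            IgnoreProcessingInstructions = true,
            CloseInput = false,
        };
        bool sawRootElement = false;
        try
        {
            using var reader = XmlReader.Create(stream, settings);
            while (reader.Read())
            {
                if (reader.NodeType != XmlNodeType.Element) continue;
                sawRootElement = true;

                // XHTML content (usually inside <foreignObject>) can carry its own <script>.
                if (reader.NamespaceURI == XhtmlNs) return false;
                switch (reader.LocalName.ToLowerInvariant())
                {
                    case "script":
                    case "foreignobject":
                    case "handler": // SVG Tiny 1.2 event handler element
                        return false;
                }

                if (!reader.HasAttributes) continue;
                reader.MoveToFirstAttribute();
                do
                {
                    // on* attributes: onload, onclick, onbegin, onend, ...
                    if (reader.LocalName.StartsWith("on", StringComparison.OrdinalIgnoreCase)) return false;
                    // javascript: URIs in href/xlink:href, and in <set to=...> / <animate values=...>,
                    // which can rewrite href after the document has loaded
                    if (ContainsScriptUri(reader.Value)) return false;
                } while (reader.MoveToNextAttribute());
                reader.MoveToElement();
            }
            return true;
        }
        catch (XmlException)
        {
            // Not XML at all (e.g. a JPEG): a browser cannot render it as SVG either, so leave it
            // to the other validators. XML that breaks after the root element (undeclared entity,
            // stray tag) is refused because we cannot tell what a browser would make of it.
            return !sawRootElement;
        }
    }

    // Animation attributes hold ';'-separated lists, so every segment is checked. Browsers drop
    // ASCII whitespace and control characters from a URL before reading the scheme; do the same.
    internal static bool ContainsScriptUri(string attributeValue)
    {
        foreach (string segment in attributeValue.Split(';'))
        {
            var sb = new System.Text.StringBuilder(segment.Length);
            foreach (char c in segment)
                if (c > ' ') sb.Append(char.ToLowerInvariant(c));
            string v = sb.ToString();
            if (v.StartsWith("javascript:") || v.StartsWith("vbscript:")) return true;
            if (v.StartsWith("data:") && !v.StartsWith("data:image/")) return true; // e.g. data:text/html
        }
        return false;
    }
}

// Composers are discovered at startup; FileStreamSecurityValidators() is assumed from the linked docs.
public class SvgNoScriptValidatorComposer : IComposer
{
    public void Compose(IUmbracoBuilder builder)
    {
        builder.FileStreamSecurityValidators().Add<SvgNoScriptValidator>();
    }
}
```

To exercise it, upload two constructed files: `<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"/>` and `<svg xmlns="http://www.w3.org/2000/svg"><a href="#"><set attributeName="href" to="java&#x73;cript:alert(1)"/></a></svg>`; both must be refused (the second one because `XmlReader` decodes the entity before the attribute value is inspected), while an ordinary Inkscape export passes. The check is deliberately conservative: any XML upload, not just `.svg`, is held to these rules, and a hand-edited SVG that is not well-formed is refused rather than guessed at.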
CVE-2023-49279
Stored XSS via SVG File Upload
Package
nuget Umbraco.CMS (NuGet)
Affected versions
>= 7.0.0, < 7.15.11
>= 8.0.0, < 8.18.9
>= 9.0.0, < 10.7.0
>= 11.0.0, < 11.5.0
>= 12.0.0, < 12.2.0
Patched versions
7.15.11
8.18.9
10.7.0
11.5.0
12.2.0
Description
Published to the GitHub Advisory Database
Dec 13, 2023
Severity
CVSS base metrics
User interaction: Required
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:N
GHSA ID
GHSA-6xmx-85x3-4cv2
Umbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If that user can trick another user into loading the media directly in a browser, the scripts can be executed. Versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0 contain a patch for this issue. Two workarounds are available: implement server-side file validation so that SVG uploads containing active content are refused, or serve all media from a different host (e.g. a CDN) than the one where Umbraco is hosted, so that any script runs outside the backoffice origin.