Last active
December 15, 2022 09:06
-
-
Save MaxRozendaal/633b34a4675b60caed736e5ffe28f272 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Description] | |
| An arbitrary file upload vulnerability in the profile picture upload | |
| function of Exact Synergy Enterprise 267 before 267SP13 and Exact | |
| Synergy Enterprise 500 before 500SP6 allows attackers to execute | |
| arbitrary JavaScript-code via a crafted SVG file. | |
| ------------------------------------------ | |
| [Additional Information] | |
| The profile picture upload functionality in Exact Synergy Enterprise before 267SP13 and 500SP6 allowed for the upload of SVG images. An attacker could upload a SVG image with arbitrary JavaScript code. This file would be accepted by the application and stored on the server of the application. The crafted SVG could then be included in the 'Workspace' functionality in the application by including it in an <iframe>-tag. An attacker could craft a 'Workspace' that executed the arbitrary JavaScript code in the crafted SVG image in the context of the browser of a victim. | |
| ------------------------------------------ | |
| [Vulnerability Type] | |
| Cross Site Scripting (XSS) | |
| ------------------------------------------ | |
| [Vendor of Product] | |
| Exact Software | |
| ------------------------------------------ | |
| [Affected Product Code Base] | |
| Exact Synergy Enterprise 267 - <267SP13 (fixed in version 267SP13) | |
| Exact Synergy Enterprise 500 - <500SP6 (fixed in version 500SP6) | |
| ------------------------------------------ | |
| [Affected Component] | |
| File upload functionality, profile picture functionality | |
| ------------------------------------------ | |
| [Attack Type] | |
| Remote | |
| ------------------------------------------ | |
| [Impact Code execution] | |
| true | |
| ------------------------------------------ | |
| [Attack Vectors] | |
| To exploit vulnerability, an attacker must upload a crafted SVG image. This crafted image must then be visited by a victim, either directly or by being included in the application, for the XSS payload to be executed. | |
| ------------------------------------------ | |
| [Reference] | |
| https://www.exactsoftware.com/docs/DocView.aspx?DocumentID=%7B97a4be55-1648-40c8-90a4-3837f99aea8d%7D | |
| https://www.exactsoftware.com/docs/DocView.aspx?DocumentID=%7B722a8ba0-1c6c-4cd5-acdd-769e9da5271c%7D | |
| ------------------------------------------ | |
| [Has vendor confirmed or acknowledged the vulnerability?] true | |
| ------------------------------------------ | |
| [Discoverer] | |
| Max Rozendaal from Secura.com |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment