Stored XSS Via SVG Upload in kiwitcms/kiwi
May 23rd 2023
I've found a Stored XSS via uploading an SVG file with the following content:
<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"><defs><font id="x"><font-face font-family="y"/></font></defs></svg>
Proof of Concept
Stored XSS vulnerabilities can lead to data theft, account compromise, and the distribution of malware. Attackers can inject malicious scripts into a website, allowing them to steal sensitive information or hijack user sessions. Additionally, stored XSS can result in website defacement and content manipulation, causing reputational damage. It can also be used as a platform for launching phishing attacks, tricking users into revealing their credentials or sensitive data.