Description

A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. The vulnerability arises from insufficient sanitization of embedded attributes in uploaded SVG files. When a maliciously crafted SVG file is viewed by other backend users, it allows authenticated attackers to execute arbitrary JavaScript in the context of other backend users' browsers, potentially leading to the theft of sensitive tokens.

INFO

Published Date :

2024-12-16T00:00:00.000Z

Last Modified :

2024-12-17T16:56:32.250Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-55451 vulnerability.

Vendors Products
Ujcms
  • Ujcms
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-55451.

URL Resource
https://github.com/cydtseng/Vulnerability-Research/blob/main/ujcms/StoredXSS-SVGUpload.md cve-icon cve-icon cve-icon
https://github.com/dromara/ujcms cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact