Metinfo CMS 8.0 Stored XSS in Image Management Module (CVE-2022-4752)

Key Information Summary Vulnerability Description Type: Stored XSS vulnerability Location: Image management module in Metinfo CMS 8.0, specifically in CVE ID: CVE-2022-4752 Affected Product Product: Metinfo CMS Version: 8.0 Component: Image management module ( ) CWE ID: CWE-79: Improper Neutralization of Input During Web Page Generation ('a.k.a. XSS') Technical Details Deployment Environment: Metinfo CMS 8.0 deployed locally using PHPstudy, accessible via Source Code URL: Other Trigger Points: Proof of Concept (PoC) Steps: 1. Navigate to the image management module and select the "Upload Image" feature. 2. Create a malicious SVG file containing XSS payload code. 3. Successfully upload the SVG file without any content validation or sanitization. 4. When viewing the uploaded file, the JavaScript code embedded in the SVG is executed by the browser. Vulnerability Code Analysis Root Cause: The image management module does not validate or sanitize the content of uploaded SVG files. Recommended Fixes: 1. Validate SVG file content. 2. Sanitize potentially dangerous content. 3. Implement stricter MIME type checks. 4. Convert SVG files to safer formats (e.g., PNG, JPEG). 5. Enforce Content Security Policy (CSP). 6. Serve only specific, approved types of SVG files. Impact Consequences: 1. Session hijacking. 2. Theft of sensitive information. 3. Unauthorized operations. 4. Denial of service (DoS). Mitigation Recommendations Actions: 1. Enhance security of the image management module. 2. Implement content validation and sanitization. 3. Convert SVG files to safer formats. 4. Enforce CSP policies. 5. Restrict allowed SVG file types. Timeline 2022-08-22: Vulnerability discovered. 2022-08-22: Documentation and PoC created. Future Date: Vulnerability reported to vendor. Future Date: CVE assigned.

Goal Reached Thanks to every supporter — we hit 100%!

Metinfo CMS 8.0 Stored XSS in Image Management Module (CVE-2022-4752)