GHSA-7wqv-xjf3-x35v: Parse Stored XSS via trailing-dot filename bypassing upload blocklist

Vulnerability Overview Vulnerability Name: Stored XSS via trailing-dot filename bypassing file upload extension blocklist Vulnerability ID: GHSA-7wqv-xjf3-x35v Associated Pull Request: #10490 Scope of Impact Vulnerability Type: Stored Cross-Site Scripting (Stored XSS) Trigger Condition: Bypassing the file upload extension blacklist using a trailing dot in the filename Potential Impact: Attackers can upload specially formatted files to store malicious scripts on the server. When other users access these files, the malicious scripts are executed, potentially leading to security issues such as user data leakage and session hijacking. Remediation Plan Remediation Measure: Implement stricter validation of filenames in the file upload handling logic to ensure that filenames do not contain special characters (such as trailing dots) that could bypass the blacklist. Specific Implementation: Modify the code related to file uploads to add checks for filenames, preventing them from containing special characters. POC Code / Exploit Code POC Code: No specific POC code or exploit code was provided on the page. Additional Information Status: Merged Merge Time: 2 weeks ago Merge Branch: Contributor: mtrezza Reviewer: None Labels: Summary This vulnerability involves a Stored XSS attack caused by bypassing the file upload extension blacklist via a trailing dot in the filename. The remediation involves adding strict validation to filenames in the file upload handling logic to prevent the inclusion of special characters. The vulnerability has been fixed and merged into the branch.

Goal Reached Thanks to every supporter — we hit 100%!

GHSA-7wqv-xjf3-x35v: Parse Stored XSS via trailing-dot filename bypassing upload blocklist

More from this source