
CVE-2023-33977 PoC — Stored cross site scripting (XSS) via unrestricted file upload in Kiwi TCMS

Associated Vulnerability
Title: Stored cross site scripting (XSS) via unrestricted file upload in Kiwi TCMS (CVE-2023-33977)
Description: Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded, and a Content-Security-Policy definition to prevent cross-site-scripting attacks. The upload validation checks were not fully robust, which left it possible to circumvent them and upload a potentially dangerous file that allows execution of arbitrary JavaScript in the browser. Additionally, we've discovered that Nginx's `proxy_pass` directive will strip some headers, negating protections built into Kiwi TCMS when it is served behind a reverse proxy. This issue has been addressed in version 12.4. Users are advised to upgrade. Users unable to upgrade who are serving Kiwi TCMS behind a reverse proxy should make sure that the additional header values are still passed to the client browser; if they aren't, redefine them inside the proxy configuration.
Readme
# CVE-2023-33977

# Stored XSS Via SVG Upload in kiwitcms/kiwi - by M Nadeem Qazi

## Description

This repository documents a proof of concept for the stored XSS vulnerability in the kiwitcms/kiwi application that was assigned the identifier CVE-2023-33977. The vulnerability allows execution of attacker-controlled script via SVG file uploads: when an SVG file containing the payload is uploaded and later opened, the script runs in the context of the victim's browser session, potentially leading to data theft, account compromise, and the distribution of malware.
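The bug class above is an upload path that trusts the declared file type and then lets the browser render the stored file as a document. The following is an added example, not code from Kiwi TCMS or from this PoC repository: a hypothetical validator in the shape a Django upload handler would call, which sniffs the bytes instead of the extension or Content-Type, rejects script-capable content in SVG/XML, and the response headers an attachment endpoint should send so that a file that slips through is still not rendered in the application's origin. The two SVG samples and the PNG header are constructed for the example; `validate_upload`, `classify_upload` and `download_headers` are illustrative names.

```python
"""Hypothetical SVG upload validator (added example, not Kiwi TCMS code)."""
from __future__ import annotations

import re
import xml.etree.ElementTree as ET

# Elements that execute or embed active content when an SVG is rendered.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
# URI-bearing attributes; a javascript:/vbscript: value in them is active.
# (data: is deliberately not flagged here to avoid rejecting embedded rasters;
# a production filter should use an allow-list of elements/attributes instead.)
URI_ATTRS = {"href", "src"}
_ACTIVE_SCHEME = re.compile(r"^\s*(?:javascript|vbscript)\s*:", re.IGNORECASE)


class UnsafeUpload(ValueError):
    """Raised when an upload would be stored with executable content."""


def looks_like_xml(data: bytes) -> bool:
    """Sniff the bytes: optional UTF-8 BOM, whitespace, then an XML declaration,
    DOCTYPE, comment or <svg root. Filename and declared Content-Type are ignored."""
    head = data.lstrip(b"\xef\xbb\xbf").lstrip()[:64].lower()
    return head.startswith((b"<?xml", b"<!doctype", b"<!--", b"<svg"))


def find_active_content(data: bytes) -> list[str]:
    """Return findings for script-capable content; empty list means inert.
    A file that does not parse is a finding too: if it cannot be parsed, it
    cannot be vouched for. The stdlib parser is used for portability; parse
    untrusted XML with defusedxml in a real service (entity expansion)."""
    findings: list[str] = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"malformed XML: {exc}"]
    for elem in root.iter():
        if not isinstance(elem.tag, str):
            continue  # comments / processing instructions, if any
        local = elem.tag.rsplit("}", 1)[-1].lower()  # drop the {namespace}
        if local in ACTIVE_ELEMENTS:
            findings.append(f"<{local}> element")
        for attr, value in elem.attrib.items():
            name = attr.rsplit("}", 1)[-1].lower()  # {xlink ns}href -> href
            if name.startswith("on"):
                findings.append(f"{name} handler on <{local}>")
            elif name in URI_ATTRS and _ACTIVE_SCHEME.match(value):
                findings.append(f"{name} with active scheme on <{local}>")
    return findings


def classify_upload(data: bytes) -> tuple[str, list[str]]:
    """Classify raw bytes as 'binary' (not XML), 'svg' (XML judged inert) or
    'rejected', together with the findings behind the decision."""
    if not looks_like_xml(data):
        return "binary", []
    findings = find_active_content(data)
    return ("rejected" if findings else "svg"), findings


def validate_upload(filename: str, content_type: str, data: bytes) -> str:
    """Validator in the shape an upload handler would call. filename and
    content_type are accepted only to show they are NOT trusted: a payload
    renamed to .png or posted as image/png is still sniffed and rejected."""
    kind, findings = classify_upload(data)
    if kind == "rejected":
        raise UnsafeUpload(f"{filename} ({content_type}): " + "; ".join(findings))
    return kind


def download_headers(stored_name: str, kind: str) -> dict[str, str]:
    """Headers for serving a stored attachment so that even an SVG that slipped
    past validation is downloaded, not rendered in the application's origin."""
    return {
        "Content-Type": "image/svg+xml" if kind == "svg" else "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{stored_name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


# Constructed samples for this example.
MALICIOUS_SVG = b"""<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink"
     onload="alert(document.domain)">
  <script>alert(document.cookie)</script>
  <a xlink:href="javascript:alert(1)"><text y="20">click me</text></a>
</svg>"""

BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
  <circle cx="5" cy="5" r="4" fill="green"/>
</svg>"""

PNG_HEADER = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # truncated PNG, enough to sniff


if __name__ == "__main__":
    # The malicious SVG is posted under a .png name and image/png type on purpose.
    for name, blob in [("logo.png", MALICIOUS_SVG), ("icon.svg", BENIGN_SVG), ("shot.png", PNG_HEADER)]:
        try:
            print(name, "->", validate_upload(name, "image/png", blob))
        except UnsafeUpload as exc:
            print(name, "-> REJECTED:", exc)
```

The response headers only help if they reach the client. When the application sits behind nginx, verify with `curl -sI` against the attachment URL that `Content-Security-Policy` and `X-Content-Type-Options` actually arrive: an `add_header` directive inside a proxy `location` block replaces every `add_header` inherited from the `server` level, so each security header has to be repeated in that block.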

## Proof of Concept

A detailed proof of concept for this vulnerability can be found in the following video:

[![Proof of Concept](https://img.youtube.com/vi/73qXeC8vUFg/0.jpg)](https://www.youtube.com/watch?v=73qXeC8vUFg)

## Impact

The impact of this vulnerability is significant: any user who can upload an attachment can inject script into the kiwitcms/kiwi application, and a victim who opens the attachment may have sensitive information stolen, their session hijacked, content defaced or manipulated, or be shown phishing content. These actions can result in reputational damage, compromised user accounts, and the dissemination of malware throughout the system.

## References

For more details on this vulnerability, please refer to the following resources:

- [huntr.dev Report](https://huntr.dev/bounties/19470f0b-7094-4339-8d4a-4b5570b54716/)
- [Medium Blog - Stored XSS Via SVG Upload in kiwitcms/kiwi](https://medium.com/@mnqazi/stored-xss-vulnerability-in-kiwitcms-kiwi-cve-2023-33977-1234567890)

You can also follow me for updates on my research and other security-related topics:

- Instagram: [@mnqazi](https://www.instagram.com/mnqazi)
- Twitter: [@mnqazi](https://twitter.com/mnqazi)
- Facebook: [@mnqazi](https://www.facebook.com/mnqazi)
- LinkedIn: [M Nadeem Qazi](https://www.linkedin.com/in/m-nadeem-qazi)

Let's prioritize security and protect our systems from potential threats. Stay vigilant! 💻🔒
File Snapshot

[4.0K] /data/pocs/411322f683d55f089838e81c6f7b15baa5a69c41
└── [2.0K] README.md

0 directories, 1 file