Insecure file upload - Stored cross-site scripting
Issue date: 13-12-2021
Affects versions: 14.6, 13.4, 12.6
Security Issue ID
SECURITY-265
Affected Product Version(s)
14.6.3, 13.4.10, 12.6.18 and previous releases.
Severity
high
Description
We have identified that it is possible to upload an SVG file containing an XSS payload. The file could then be browsed within the web folder. This means that an authenticated attacker could launch a cross-site scripting attack by inserting malicious JavaScript code into an uploaded SVG file. An authenticated victim could then visit the uploaded file, and the attacker could, for example, access the victim's sensitive data and functionality.
A user can no longer upload a JPG file and then upload a malicious SVG file by editing the upload of that JPG file.
Instructions
Customers are recommended to upgrade to the latest version, which as of the time of writing is 14.7.0, 13.4.11, or 12.6.19.
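
The description names two paths: uploading an SVG directly, and replacing a stored JPG with an SVG through the edit upload. The following server-side check covers both; it is an added example, not the vendor's fix or code from this advisory, and its function names and sample inputs are hypothetical.

```python
from __future__ import annotations
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from the advisory).
JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>'
SCRIPT_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><script>/* constructed */</script></svg>'

def local(name: str) -> str:
    """Strip an XML namespace: '{ns}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()

def sniff_type(data: bytes) -> str:
    """Classify by content, never by file name or client-supplied MIME type."""
    if data.startswith(b"\xff\xd8\xff"):  # JPEG start-of-image marker
        return "jpeg"
    if b"<!doctype" in data.lower() or b"<!entity" in data.lower():
        return "unknown"  # DTDs can carry entity-expansion payloads; refuse them
    try:
        return "svg" if local(ET.fromstring(data).tag) == "svg" else "unknown"
    except (ET.ParseError, ValueError, LookupError):
        return "unknown"

def svg_active_content(data: bytes) -> list[str]:
    """List the constructs that make a browser run script when the SVG is opened."""
    findings = []
    for el in ET.fromstring(data).iter():
        tag = local(el.tag)
        if tag in ("script", "foreignobject"):
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            if local(attr).startswith("on"):
                findings.append(f"{local(attr)} handler on <{tag}>")
            elif local(attr) == "href" and "".join(value.split()).lower().startswith("javascript:"):
                findings.append(f"javascript: URL on <{tag}>")
    return findings

def check_upload(data: bytes, replaces: bytes | None = None) -> tuple[bool, str]:
    """Validate a new upload, or an edit that replaces an existing stored file."""
    kind = sniff_type(data)
    if kind == "unknown":
        return False, "unrecognised content"
    if replaces is not None and sniff_type(replaces) != kind:
        return False, f"replacement changes type {sniff_type(replaces)} -> {kind}"
    found = svg_active_content(data) if kind == "svg" else []
    if found:
        return False, "active content: " + "; ".join(found)
    return True, kind
```

A denylist of SVG constructs cannot be exhaustive, so it complements rather than replaces serving user uploads with `Content-Disposition: attachment` or from a separate origin.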