Mend Vulnerability Database
Date: December 1, 2021
Overview
In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. This allows low privileged application users to store malicious scripts in their profile picture. These scripts are executed in a victim’s browser when they open the malicious profile picture.
Details
The “CKAN” application is affected by a stored XSS vulnerability via SVG file upload of users’ profile picture that allows low privileged application users to store malicious scripts in their profile picture. These scripts are executed in a victim’s browser when they open the malicious profile picture.
PoC Details
Register as a new user in the application (for demonstration purposes, we will call him “Bob”). Fill in all the required fields and upload a malicious SVG file, such as given below.
Now open the application in a private window and log in to the application as an administrator user.
Go to Users, “Bob”, and right-click the profile picture. Click on “Open Image in New Tab” and see the malicious payload being triggered.
Affected Environments
PyPI: 2.9.0 through 2.9.4; Github: ckan-2.9.0 through ckan-2.9.4
Prevention
No fix was provided by the maintainer.
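With no fixed release listed, one mitigation is to accept only raster profile pictures, judged by file content rather than name, and to serve stored uploads with headers that keep a directly opened file from being rendered as a document. The following Python is an added example, not CKAN code or a maintainer fix; the function names and the sample bytes are constructed for illustration.

```python
"""Added example (not CKAN code): content-based allowlist for profile pictures."""
from typing import Dict, Optional

# Magic bytes of the raster formats a profile picture needs.
RASTER_SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}

# Constructed sample inputs: a PNG header stub and a script-free SVG.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_SVG = b'<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg"/>'


def sniff_raster_type(data: bytes) -> Optional[str]:
    """Return the MIME type when data starts with an allowed signature."""
    for magic, mime in RASTER_SIGNATURES.items():
        if data.startswith(magic):
            return mime
    return None


def looks_like_svg(data: bytes) -> bool:
    """Spot an <svg tag in the first 4 KiB; NUL bytes are dropped so UTF-16 is caught."""
    return b"<svg" in data[:4096].replace(b"\x00", b"").lower()


def validate_profile_picture(filename: str, data: bytes) -> str:
    """Ignore the file name and extension; accept raster content only."""
    mime = sniff_raster_type(data)
    if mime is None:
        reason = "SVG content" if looks_like_svg(data) else "unrecognised content"
        raise ValueError(f"rejected {filename!r}: {reason}")
    return mime


def download_headers(data: bytes) -> Dict[str, str]:
    """Headers for serving a stored upload, including files saved before the check existed."""
    mime = sniff_raster_type(data)
    headers = {
        "Content-Type": mime or "application/octet-stream",
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }
    if mime is None:
        headers["Content-Disposition"] = "attachment"  # download, never render
    return headers
```

A signature match only identifies the format; re-encoding accepted images on the server is a further hardening step this example does not perform.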
Good to know:
No fix version available
|Attack Vector (AV):|Network|
|Attack Complexity (AC):|Low|
|Privileges Required (PR):|Low|
|User Interaction (UI):|Required|
|Access Vector (AV):|Network|
|Access Complexity (AC):|Medium|