Product:<\/strong> Seafile
Affected Version:<\/strong> 9.0.6
Vulnerability Type:<\/strong> Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (<\/span>CWE-79)
Security Risk:<\/strong> Medium
Vendor URL:<\/strong> https:\/\/seafile.com<\/a>
Vendor Status:<\/strong> fixed
CVE number:<\/strong>\u00a0 requested<\/span><\/p>\n
<\/span><\/p>\n The Seafile application allows to set up a self-hosted cloud storage system. It supports common functions such as synchronization of files between server and client, as well as group sharing. The markdown editor allows an attacker to inject a javascript payload in the *href* attribute of the *a* tag.<\/p>\n The payload is executed if a user visits and clicks on the link on the wiki page (or the file somewhere else).<\/p>\n It is recommended to treat all input on the website as potentially dangerous. This security vulnerability was found by Christian P\u00f6schl of usd AG.<\/p>\n [\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":" usd-2022-0032 | Seafile 9.0.6 - Cross-Site Scripting Advisory ID: usd-2022-0032Product: SeafileAffected Version: 9.0.6Vulnerability Type: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)Security Risk: MediumVendor URL: https:\/\/seafile.comVendor Status: fixedCVE number:\u00a0 requested Description The Seafile application allows to set up a self-hosted cloud storage system. It supports common functions such as synchronization of files […]<\/p>\n","protected":false},"author":96,"featured_media":17032,"parent":16124,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"class_list":["post-19480","page","type-page","status-publish","has-post-thumbnail","hentry"],"_links":{"self":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/19480","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/comments?post=19480"}],"version-history":[{"count":0,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/19480\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16124"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/media\/17032"}],"wp:attachment":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/media?parent=19480"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Description<\/h2>\n
In addition to the basic functions, Seafile also provides it's users with a wiki and a discussion feature. The markdown editor, provided by the application, does not properly filter javscript URIs from the `href` attribute, which results in stored XSS.<\/p>\nProof of Concept<\/h2>\n
![\"\"](\"https:\/\/herolab.usd.de\/wp-content\/uploads\/sites\/9\/2023\/02\/usd20220032-proof.png\")
<\/p>\nFix<\/h2>\n
Hence, all output that is dynamically generated based on user-controlled data should be encoded according to its context.
The majority of programming languages support standard procedures for encoding meta characters.<\/p>\nReferences<\/h2>\n
\n
Timeline<\/h2>\n
\n
Credits<\/h2>\n