PT-2023-25717 · Statamic · Statamic

Robyfirnandoyusuf

·

Published

2023-07-05

·

Updated

2023-07-12

·

CVE-2023-36828

CVSS v3.1

5.5

Medium

VectorAV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions Statamic versions prior to 4.10.0
Description The issue concerns the SVG tag not sanitizing malicious SVG, allowing an attacker to perform cross-site scripting attacks using SVG, even when using the sanitize function. This can be exploited by uploading a manipulated SVG file, potentially triggering an XSS vulnerability. The estimated number of potentially affected devices is not specified.
Technical details about exploitation include:
  • API Endpoints: Not specified
  • Vulnerable Parameters or Variables: sanitize function, File::get()
  • Function Names: sanitize function
Recommendations For versions prior to 4.10.0, update to version 4.10.0 to resolve the issue. As a temporary workaround, consider sanitizing the SVG when outputting it, utilizing a reliable package such as https://github.com/darylldoyle/svg-sanitizer to ensure comprehensive SVG sanitization capabilities. Restrict access to uploading SVG files to minimize the risk of exploitation until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2023-36828
GHSA-6R5G-CQ4Q-327G

Affected Products

Statamic