The ZIP upload feature of UJCMS_v9.7.5 has a stored XSS vulnerability. #12

@IceFoxH

【Vulnerability Description】
There is a vulnerability in the ZIP upload function of the ujcms_v9.7.5 backend. The content of HTML and PDF files in the uploaded ZIP compressed package is not filtered or checked. When users view maliciously crafted HTML or PDF files, the embedded malicious JavaScript code will be triggered, which may lead to the theft of sensitive tokens.

【Vulnerability Type】
CWE-79: Cross-site Scripting

【Product Vendor】
https://gitee.com/ujcms/ujcms
https://github.com/ujcms/ujcms
https://www.ujcms.com/

【Affected Product Code Repository】
ujcms_v9.7.5

【Vulnerability Proof】
1. Upload a ZIP compressed package containing HTML and PDF files with XSS payload.
2. Clicking on "View" will trigger the XSS payload.

【Code Location】
/main/java/com/ujcms/cms/ext/web/backendapi/WebFileUploadController.java#uploadZip

【Code Analysis】
No check is performed on the content of files in the ZIP compressed package

【Repair Suggestions】
Check the content of files in the compressed package
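
One way to perform the content check suggested above, as an added example that is not UJCMS code and not part of the original report: it walks the archive entries before extraction and rejects HTML and PDF files that carry script markers. The class name `ZipContentCheck`, the marker lists and the size cap are assumptions for illustration, and the archive in `main` is constructed sample input.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.zip.*;
// Hypothetical helper, not UJCMS code: inspects ZIP entries before extraction.
public class ZipContentCheck {
    static final int MAX_ENTRY_BYTES = 5 * 1024 * 1024; // assumed per-entry cap
    // Assumed marker lists; a real deployment would tune these or use a sanitizer.
    static final List<String> HTML_MARKERS = List.of("<script", "javascript:", "onerror=", "onload=");
    static final List<String> PDF_MARKERS = List.of("/javascript", "/js", "/openaction");
    /** Returns the entries that should be rejected, mapped to the reason. */
    static Map<String, String> findActiveContent(InputStream zip) throws IOException {
        Map<String, String> rejected = new LinkedHashMap<>();
        try (ZipInputStream in = new ZipInputStream(zip)) {
            for (ZipEntry e; (e = in.getNextEntry()) != null; ) {
                if (e.isDirectory()) continue;
                byte[] data = in.readNBytes(MAX_ENTRY_BYTES + 1);
                if (data.length > MAX_ENTRY_BYTES) { rejected.put(e.getName(), "too large to inspect"); continue; }
                // ISO-8859-1 maps bytes 1:1, so binary PDFs can be searched as text.
                String text = new String(data, StandardCharsets.ISO_8859_1).toLowerCase(Locale.ROOT);
                String name = e.getName().toLowerCase(Locale.ROOT);
                // Classify by content as well as extension, since names are attacker-chosen.
                boolean pdf = text.startsWith("%pdf-") || name.endsWith(".pdf");
                boolean html = name.matches(".*\\.(html?|xhtml|svg)$") || text.contains("<html");
                List<String> markers = pdf ? PDF_MARKERS : html ? HTML_MARKERS : List.of();
                for (String m : markers)
                    if (text.contains(m)) { rejected.put(e.getName(), "contains " + m); break; }
            }
        }
        return rejected;
    }
    public static void main(String[] args) throws IOException {
        // Constructed sample archive: one inert page, one page with a script tag,
        // one PDF fragment declaring a JavaScript action.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ZipOutputStream out = new ZipOutputStream(buf)) {
            String[][] files = {
                {"ok.html", "<html><body><p>hello</p></body></html>"},
                {"bad.html", "<html><script>/* constructed */</script></html>"},
                {"bad.pdf", "%PDF-1.4\n1 0 obj << /S /JavaScript /JS (constructed) >> endobj"}};
            for (String[] f : files) {
                out.putNextEntry(new ZipEntry(f[0]));
                out.write(f[1].getBytes(StandardCharsets.ISO_8859_1));
                out.closeEntry();
            }
        }
        findActiveContent(new ByteArrayInputStream(buf.toByteArray()))
            .forEach((n, why) -> System.out.println("reject " + n + ": " + why));
    }
}
```

Marker matching does not see script held inside compressed PDF object streams, so it works as a first filter and not as proof that a file is inert.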
