FlatPress XML File Handler/MD File admin.uploader.php onupload cross site scripting
Description
FlatPress uploader suffers from stored XSS via crafted XML or Markdown files, allowing remote attackers to inject arbitrary scripts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability is in FlatPress's uploader component, specifically the onupload function in admin/panels/uploader/admin.uploader.php. The uploader accepts XML and Markdown (.md) files and stores their contents without checking for embedded script, so a file carrying JavaScript is written to the site unchanged. Versions before commit 3cc223dec5260e533a84b5cf5780d3a4fbf21241 are affected. [1][2]
Exploitation
An attacker who can upload files (in practice an authenticated user with upload permissions) uploads an XML or Markdown file containing embedded JavaScript. The uploader does not execute anything itself: it stores the file as submitted, and the script runs later in the browser of any other user whose session renders the uploaded content. The attack is carried out remotely and needs no special network position beyond access to the upload functionality. [2]
Impact
Successful exploitation yields stored cross-site scripting (XSS): the attacker's JavaScript runs in the browsers of other users who view the content, which can lead to session hijacking, defacement or theft of sensitive information. What the script can do is bounded by the privileges of the victim within FlatPress, so the exposure is greatest when an administrator views the file. [1][2]
Mitigation
The fix is in commit 3cc223dec5260e533a84b5cf5780d3a4fbf21241 in the FlatPress GitHub repository. Apply the patch or update to a release that includes this commit. No workaround is documented in the references; applying the patch is the recommended mitigation. [1]
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
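The narrative above describes the mechanism (script carried inside an uploaded .xml or .md file, stored as-is, executed when another user's browser renders it) but does not show what such a file looks like or what check would have stopped it. The block below is an added example, not FlatPress code and not the content of the fix commit: it contains constructed sample files of the kind the advisory describes and a pre-storage screen that an upload handler could run on them. The extension allow-list, the element and attribute lists, and the response headers are this example's own assumptions.

```python
# Added example (not FlatPress code): a pre-storage screen for uploaded
# .xml and .md files plus headers for serving stored uploads so a browser
# never renders them as a document. The allow-list, element/attribute
# lists and sample files are this example's own assumptions.
import re
import xml.etree.ElementTree as ET

XHTML_NS = "http://www.w3.org/1999/xhtml"
SVG_NS = "http://www.w3.org/2000/svg"
# Local names that can carry or load script once a browser renders the document.
SCRIPT_CAPABLE = {"script", "iframe", "object", "embed", "foreignobject",
                  "handler", "link", "meta", "base", "style", "form", "svg", "math"}
ALLOWED_EXTENSIONS = {"xml", "md"}  # hypothetical allow-list

_DOCTYPE_RE = re.compile(rb"<!DOCTYPE", re.IGNORECASE)
_STYLESHEET_PI_RE = re.compile(rb"<\?xml-stylesheet", re.IGNORECASE)
_JS_URL_RE = re.compile(r"^\s*javascript:", re.IGNORECASE)
_RAW_TAG_RE = re.compile(r"<\s*/?\s*([A-Za-z][A-Za-z0-9]*)")
_EVENT_ATTR_RE = re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)
_RAW_URL_ATTR_RE = re.compile(r"\b(?:href|src|action|data)\s*=\s*[\"']?\s*javascript:", re.IGNORECASE)
_MD_LINK_RE = re.compile(r"\]\(\s*([^)\s]+)")


def _split(tag: str):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag


def xml_findings(data: bytes) -> list:
    """Reasons to reject an uploaded XML file; an empty list means clean."""
    if _DOCTYPE_RE.search(data):
        # Refuse before parsing: internal entities can blow up the parser itself.
        return ["DOCTYPE present (entity expansion / XXE risk at every consumer)"]
    findings = []
    if _STYLESHEET_PI_RE.search(data):
        findings.append("xml-stylesheet processing instruction (XSLT can emit HTML and script)")
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return findings + [f"not well-formed XML: {exc}"]
    for el in root.iter():
        if not isinstance(el.tag, str):  # comments/PIs are dropped by default; be explicit
            continue
        ns, local = _split(el.tag)
        if ns in (XHTML_NS, SVG_NS):
            findings.append(f"<{local}> in browser-rendered namespace {ns}")
        elif local.lower() in SCRIPT_CAPABLE:
            findings.append(f"script-capable element <{local}>")
        for attr, value in el.attrib.items():
            _, aname = _split(attr)  # xlink:href arrives as {xlink-ns}href
            if re.fullmatch(r"on[a-z]+", aname.lower()):  # deliberately over-broad
                findings.append(f"event-handler attribute {aname} on <{local}>")
            elif aname.lower() in ("href", "src", "action", "data") and _JS_URL_RE.match(value):
                findings.append(f"javascript: URL in {aname} on <{local}>")
    return findings


def markdown_findings(text: str) -> list:
    """Reasons to reject a Markdown file (most renderers pass raw HTML through)."""
    findings = []
    for m in _RAW_TAG_RE.finditer(text):
        if m.group(1).lower() in SCRIPT_CAPABLE:
            findings.append(f"raw HTML <{m.group(1)}> in Markdown")
    if _EVENT_ATTR_RE.search(text):
        findings.append("on*= event-handler attribute in raw HTML")
    if _RAW_URL_ATTR_RE.search(text):
        findings.append("javascript: URL in a raw HTML attribute")
    for m in _MD_LINK_RE.finditer(text):
        if _JS_URL_RE.match(m.group(1)):
            findings.append(f"javascript: URL in Markdown link target {m.group(1)}")
    return findings


def check_upload(filename: str, data: bytes):
    """Return (accepted, findings) for an upload; any finding rejects it."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED_EXTENSIONS:
        return False, [f"extension .{ext} not allowed"]
    if ext == "xml":
        findings = xml_findings(data)
    else:
        findings = markdown_findings(data.decode("utf-8", errors="replace"))
    return (not findings), findings


def download_headers(filename: str) -> dict:
    """Headers for serving a stored upload as a download, never as a page."""
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", filename)
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


# Constructed sample files (not taken from the advisory or the issue tracker).
BENIGN_XML = b'<?xml version="1.0"?><feed><entry title="hello"/></feed>'
XHTML_SCRIPT_XML = (b'<?xml version="1.0"?><html xmlns="http://www.w3.org/1999/xhtml">'
                    b'<body><script>alert(document.cookie)</script></body></html>')
SVG_HANDLER_XML = b'<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"/>'
STYLESHEET_XML = b'<?xml version="1.0"?><?xml-stylesheet type="text/xsl" href="evil.xsl"?><root/>'
DOCTYPE_XML = b'<!DOCTYPE x [<!ENTITY e "x">]><root>&e;</root>'
BENIGN_MD = "# Notes\n\nSee [docs](https://example.com) and a <br> tag.\n"
HTML_MD = "# Hi\n\n<img src=x onerror=alert(1)>\n[click](javascript:alert(1))\n"

if __name__ == "__main__":
    for name, blob in [("feed.xml", BENIGN_XML), ("page.xml", XHTML_SCRIPT_XML),
                       ("icon.xml", SVG_HANDLER_XML), ("styled.xml", STYLESHEET_XML),
                       ("notes.md", BENIGN_MD.encode()), ("evil.md", HTML_MD.encode())]:
        print(name, check_upload(name, blob))
```

The screen is conservative on purpose: it rejects any element in the XHTML or SVG namespace, any `xml-stylesheet` instruction, and any `on*` attribute, because those are the constructs a browser acts on when it renders XML directly. Content screening alone is still a blocklist; the `download_headers` function shows the complementary control, serving stored uploads with `Content-Disposition: attachment` and `nosniff` so that even a file the screen misses is downloaded rather than rendered.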
Affected products: 2
Patches: 0
No patches discovered yet.
References: 4
- github.com/flatpressblog/flatpress/commit/3cc223dec5260e533a84b5cf5780d3a4fbf21241 (mitre: patch)
- github.com/flatpressblog/flatpress/issues/178 (mitre: issue-tracking)
- vuldb.com (mitre: signature, permissions-required)
- vuldb.com (mitre: vdb-entry, technical-description)
News mentions: 0
No linked articles in our index yet.