XSS via mime sniffing on .dat files
26th September 2019, 3:48 am

There is a vulnerability in Composr's storage of uploads as .dat files on servers. A hacker could plant code containing JavaScript, then trick an administrator into running it on their machine.
This is a low-to-medium risk vulnerability. With planning, creativity, and coordination, this could result in a hacker attaining various malicious outcomes. JavaScript code does not have access to files on a user's own computer, but it can be used to automate privileged web page actions on the website it is running on.
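
A defensive check for the condition described above, as an added example that is not Composr's code or its fix: it audits the response headers a server sends for a stored upload and reports anything that leaves the browser free to sniff or render the content. The header samples are constructed, and the rule that stored uploads should be served as attachments is an assumption of this example.

```python
# Added example: audit response headers returned for a stored-upload (.dat) URL.
# Function names and header samples are constructed for illustration.

# Content types a browser renders as active content in the site's origin.
RENDERABLE = {"text/html", "application/xhtml+xml", "image/svg+xml",
              "text/xml", "application/xml"}

def parse_headers(raw):
    """Parse 'Name: value' lines into a dict keyed by lower-cased name."""
    headers = {}
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit_upload_response(raw):
    """Return a list of findings; an empty list means these checks passed."""
    h = parse_headers(raw)
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    nosniff = h.get("x-content-type-options", "").strip().lower() == "nosniff"
    attachment = h.get("content-disposition", "").lower().startswith("attachment")
    findings = []
    if not ctype:
        findings.append("no Content-Type: the browser has to guess the type")
    elif ctype in RENDERABLE:
        findings.append("Content-Type %s is rendered as active content" % ctype)
    if not nosniff:
        findings.append("missing X-Content-Type-Options: nosniff")
    if not attachment:
        findings.append("not served with Content-Disposition: attachment")
    return findings

# Constructed sample: a .dat file served with no type information at all.
WEAK = """
Content-Length: 512
"""

# Constructed sample: the same file served with sniffing disabled.
HARDENED = """
Content-Type: application/octet-stream
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="upload.dat"
"""

if __name__ == "__main__":
    for label, raw in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_upload_response(raw))
```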