Description

This script is vulnerable to XSS (Cross-site scripting). The web application allows file upload and Acunetix was able to upload a file containing HTML content. When HTML files are allowed, XSS payload can be injected in the file uploaded. Check Attack details for more information about this attack.

Remediation

Restrict file types accepted for upload: check the file extension and only allow certain files to be uploaded. Use a whitelist approach instead of a blacklist. Check for double extensions such as .php.png. Check for files without a filename like .htaccess (on ASP.NET, check for configuration files like web.config). Change the permissions on the upload folder so the files within it are not executable. If possible, rename the files that are uploaded.

References

OWASP Unrestricted File Upload

Why File Upload Forms are a major security threat

Testing for Stored Cross site scripting (OWASP-DV-002)

Related Vulnerabilities

WordPress Plugin MX Time Zone Clocks Cross-Site Scripting (3.4)

WordPress Plugin FireStats Cross-Site Scripting (1.6.4)

WordPress Plugin Slideshow Gallery LITE Cross-Site Scripting (1.5.3.4)

WordPress Plugin WP Statistics Cross-Site Scripting (12.6.7)

WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (3.3.5)

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Abuse Of Functionality Arbitrary File Creation Unauthenticated File Upload XSS