Vulnerability

XSS via SVG Image Upload - AlegroCartv1.2.9

Posted by Andrey Stoykov on Apr 23# Exploit Title: XSS via SVG Image Upload - alegrocartv1.2.9 # Date: 04/2025 # Exploit Author: Andrey Stoykov # Version: 1.2.9 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ XSS via SVG Image Upload: Steps to Reproduce: 1. Visit http://192.168.58.129/alegrocart/administrator/?controller=download 2. Upload SVG image file with the contents below 3. Intercept the POST request and change the Content-Type to "Content-Type:...

ThreatWatcherThreatWatcher
Apr 24, 2025 - 09:30
 0  6
XSS via SVG Image Upload - AlegroCartv1.2.9

Posted by Andrey Stoykov on Apr 23# Exploit Title: XSS via SVG Image Upload - alegrocartv1.2.9
# Date: 04/2025
# Exploit Author: Andrey Stoykov
# Version: 1.2.9
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/

XSS via SVG Image Upload:

Steps to Reproduce:

1. Visit http://192.168.58.129/alegrocart/administrator/?controller=download
2. Upload SVG image file with the contents below
3. Intercept the POST request and change the Content-Type to "Content-Type:...

Read More on SecLists

Tags:

Previous Article

Stored XSS in "Message" Functionality - AlegroCartv1.2.9

Next Article

BBOT 2.1.0 - Local Privilege Escalation via Malicious Module Execution

What's Your Reaction?

like

dislike

love

funny

angry

sad

wow

ThreatWatcher
ThreatWatcher

Related Posts

[webapps] Jasmin Ransomware - SQL Injection Login Bypass

[webapps] Jasmin Ransomware - SQL Injection Login Bypass

ThreatWatcher Mar 22, 2025  0  13

[remote] OpenSSH server (sshd) 9.8p1 - Race Condition

[remote] OpenSSH server (sshd) 9.8p1 - Race Condition

ThreatWatcher Apr 22, 2025  0  6

APPLE-SA-03-31-2025-8 macOS Sonoma 14.7.5

APPLE-SA-03-31-2025-8 macOS Sonoma 14.7.5

ThreatWatcher Apr 3, 2025  0  4