Stored-XSS vulnerability
Reported by Yann CAM (ycam) by mail:
Jirafeau once was affected by CVE-2022-30110. The fix provided back then checks for the MIME type image/svg+xml. But this check can be bypassed by manipulating the request header to contain the MIME type image/svg+XML.
ycam also provided a fix. All we have to do is to replace strpos() in line 562 of functions.php with stripos(), so that it looks like this:
if (in_array($decomposed[0], $viewable) && stripos($mime, 'image/svg+xml') === false) {
I will include this fix in 4.6.1 and report a CVE.
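To show why the one-character change matters, here is an added example (not Jirafeau's own code) that runs the strpos() condition and the stripos() condition over constructed Content-Type values. The $viewable list and the function name are assumptions for illustration; the real check lives in functions.php.

```php
<?php
// Added example, not code from the Jirafeau project.
// Mirrors the condition from functions.php with both the case-sensitive
// strpos() (affected) and the case-insensitive stripos() (ycam's fix).

function is_viewable(string $mime, bool $use_stripos): bool
{
    // Assumed top-level types Jirafeau allows inline; illustrative only.
    $viewable = ['image', 'text', 'video', 'audio'];
    $decomposed = explode('/', $mime);

    // strpos() only matches the exact lowercase 'image/svg+xml';
    // stripos() matches any casing, so 'image/svg+XML' is caught too.
    $svg_pos = $use_stripos
        ? stripos($mime, 'image/svg+xml')
        : strpos($mime, 'image/svg+xml');

    return in_array($decomposed[0], $viewable, true) && $svg_pos === false;
}

// Constructed sample Content-Type values a client could send.
$samples = [
    'image/png',                    // harmless, stays viewable
    'image/svg+xml',                // blocked by both checks
    'image/svg+XML',                // the bypass: slips past strpos()
    'IMAGE/SVG+XML',                // fails in_array(), blocked either way
    'image/svg+xml; charset=utf-8', // substring match still catches it
];

foreach ($samples as $mime) {
    printf("%-30s strpos(): %-12s stripos(): %s\n",
        $mime,
        is_viewable($mime, false) ? 'viewable' : 'not viewable',
        is_viewable($mime, true)  ? 'viewable' : 'not viewable');
}
```

Only the 'image/svg+XML' line differs between the two columns, which is exactly the case the report describes.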
Edited by Patrick Canterino