1. Basic information on vulnerability CVE-2026-22804
Vulnerability information
# Termix file manager stored XSS leading to LFI and session hijacking

## Overview
Termix is a web-based server management platform offering an SSH terminal, tunneling and file editing. In versions 1.7.0 through 1.9.0, its file manager component contains a stored cross-site scripting (stored XSS) vulnerability.

## Affected versions
1.7.0 through 1.9.0

## Details
The vulnerability is located in `src/ui/desktop/apps/file-manager/components/FileViewer.tsx`. When previewing an SVG file, the application does not filter or escape the file content, so a malicious SVG file can be executed. An attacker who already controls a managed SSH server can upload a malicious SVG file; when a user previews it through the Termix file manager, the XSS triggers.

## Impact
An attacker can exploit the vulnerability to run arbitrary JavaScript in the victim's browser and thereby hijack the user's session, steal sensitive information or perform other malicious actions. The vulnerability is fixed in version 1.10.0.

Vulnerability title
Termix has a Stored XSS in File Manager leading to Local File Inclusion (LFI) in Electron and Session Hijacking in Browser
Source: US National Vulnerability Database (NVD)
Vulnerability description
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. This allows an attacker who has compromised a managed SSH server to plant a malicious file, which, when previewed by the Termix user, executes arbitrary JavaScript in the context of the application. The vulnerability is located in src/ui/desktop/apps/file-manager/components/FileViewer.tsx. This vulnerability is fixed in 1.10.0.
Source: US National Vulnerability Database (NVD)
CVSS information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Source: US National Vulnerability Database (NVD)
Vulnerability category
Improper Privilege Management
Source: US National Vulnerability Database (NVD)
Vulnerability title
Termix security vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability description
Termix is a server management platform by the individual developer Karmaa. Termix versions 1.7.0 through 1.9.0 contain a security vulnerability that stems from the file manager component not sanitizing SVG file content before rendering it, which can lead to stored cross-site scripting.
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability category
Other
Source: China National Vulnerability Database of Information Security (CNNVD)
2. Public PoCs for CVE-2026-22804
# | PoC description | Source link
1 | This repository contains a Proof of Concept (PoC) exploit for the Stored Cross-Site Scripting (XSS) vulnerability in Termix, which can lead to Local File Inclusion (LFI) in the Electron environment and Session Hijacking. | https://github.com/ThemeHackers/CVE-2026-22804
3. Intelligence on CVE-2026-22804
  • Title: Stored XSS in File Manager leading to Local File Inclusion (LFI) in Electron and Session Hijacking in Browser · Advisory · Termix-SSH/Termix · GitHub

    Tag: x_refsource_CONFIRM

    神龙 (Shenlong) quick read:
    - **Vulnerability**: Stored Cross-Site Scripting (XSS)
    - **Severity**: High (CVSS v3.1: 8.0/10)
    - **Affected Package**: github.com/Termix-SSH/Termix
    - **Affected Versions**: 1.7.0 - 1.9.0
    - **Patched Versions**: 1.10.0
    - **CVE ID**: CVE-2026-22804
    - **Weaknesses**: CWE-79, CWE-269

    ### Key Vulnerability Details
    - **File Manager Component**: vulnerable to stored XSS when rendering SVG files, due to missing sanitization.
    - **Location**: `src/ui/desktop/apps/file-manager/components/FileViewer.tsx`.

    ### Attack Method
    #### 1. Web Browser Impact
    - **Injection Point**: SVG content rendered with `dangerouslySetInnerHTML`.
    - **Exploit Script**: an SVG payload containing an `onerror` handler leads to arbitrary JavaScript execution within the application.
    - **Session Hijacking**: the attacker can read `localStorage` and the JWT tokens stored there to take full control of the user's account.

    #### 2. Electron Desktop Application Impact
    - **Configuration Issue**: `webSecurity: false` disables protections such as the Same-Origin Policy.
    - **Local File Read Exploit**: the attacker can use `fetch` calls in the JavaScript payload to read local files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) and send them to a remote server.

    ### Impact
    - **Local File Inclusion (LFI)**: the XSS escalates into unauthorized access to sensitive local files.
    - **High Attack Complexity**: requires compromising a managed remote server and planting targeted malicious files.

  • https://nvd.nist.gov/vuln/detail/CVE-2026-22804
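The advisory above identifies the root cause as SVG file text handed to `dangerouslySetInnerHTML` without sanitization. As an added example (not Termix project code; the names `previewMode`, `tags`, the allowlists and the sample SVGs are assumptions), the JavaScript below shows the defensive decision a viewer should make: inline injection only for markup on a strict allowlist, otherwise fall back to an `<img>` element, where SVG scripts and event-handler attributes never execute. It also covers the quoted-`>` edge case that defeats a naive regex scan.

```javascript
// Added example (not Termix project code). previewMode() allows inline injection only for
// SVG markup on a strict allowlist; anything else is shown via an <img> element, where
// SVG scripts and event-handler attributes (the advisory's onerror pattern) never run.
const ALLOWED_TAGS = new Set(["svg", "g", "path", "rect", "circle", "ellipse", "line", "polyline",
  "polygon", "text", "tspan", "defs", "lineargradient", "radialgradient", "stop", "title", "desc"]);
const ALLOWED_ATTRS = new Set(["xmlns", "viewbox", "width", "height", "d", "fill", "stroke",
  "stroke-width", "cx", "cy", "r", "rx", "ry", "x", "y", "x1", "y1", "x2", "y2", "points",
  "transform", "id", "offset", "stop-color", "font-size"]);
const ATTR_RE = /([^\s=\/>]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?/g;

// Quote-aware tag splitter: a ">" inside a quoted attribute value must not end the tag,
// or a handler attribute placed after it would escape a naive regex scan.
function* tags(svg) {
  let i = 0;
  while ((i = svg.indexOf("<", i)) !== -1) {
    let j = i + 1, quote = null;
    for (; j < svg.length && (quote || svg[j] !== ">"); j++) {
      if (quote) { if (svg[j] === quote) quote = null; }
      else if (svg[j] === '"' || svg[j] === "'") quote = svg[j];
    }
    if (j >= svg.length) { yield { raw: svg.slice(i), unterminated: true }; return; }
    yield { raw: svg.slice(i, j + 1), unterminated: false };
    i = j + 1;
  }
}

// Returns the render mode plus every reason the markup may not be injected inline.
function previewMode(svg) {
  const findings = [];
  for (const t of tags(svg)) {
    if (t.unterminated) { findings.push("unterminated tag or quote"); break; }
    const head = /^<\s*(\/?)\s*([A-Za-z][\w:-]*)/.exec(t.raw);
    if (!head) { findings.push(`non-element markup: ${t.raw.slice(0, 12)}`); continue; }
    const tag = head[2].toLowerCase();
    if (!ALLOWED_TAGS.has(tag)) findings.push(`element <${tag}> not in allowlist`);
    if (head[1]) continue; // closing tag: no attributes to check
    for (const a of t.raw.slice(head[0].length, -1).matchAll(ATTR_RE)) {
      const name = a[1].toLowerCase();
      if (name.startsWith("on")) findings.push(`event handler attribute ${name}`);
      else if (!ALLOWED_ATTRS.has(name)) findings.push(`attribute ${name} not in allowlist`);
    }
  }
  return { mode: findings.length === 0 ? "inline" : "img", findings };
}

// Constructed samples: a plain icon, and the advisory's pattern of an element carrying an
// event-handler attribute (handler body left as a placeholder comment).
const BENIGN_SVG = '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10"><circle cx="5" cy="5" r="4" fill="#0a0"/></svg>';
const HANDLER_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><image href="x" onerror="/* handler */"/></svg>';
```

In a viewer component the `img` mode would set the SVG text as the source of an `<img>` (for example through a Blob URL) instead of passing it to `dangerouslySetInnerHTML`.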