Related Vulnerability
Description
Cross Site Scripting (XSS) Vulnerability in Fiora Chat Application
Introduction
# CVE-2025-56514: Cross Site Scripting (XSS) Vulnerability in Fiora Chat Application
## Overview
A Cross Site Scripting (XSS) vulnerability, identified as **CVE-2025-56514**, affects the Fiora chat application version 1.0.0. This vulnerability allows an authenticated user to execute arbitrary JavaScript in the context of another user's browser by uploading a malicious SVG file through the group avatar change functionality.
## Vulnerability Details
- **Vulnerability Type**: Cross Site Scripting (XSS)
- **Attack Type**: Remote
- **Impact**: Code Execution
- **Affected Product Code Base**: Fiora 1.0.0
- **Vendor**: suisuijiang
- **Discoverer**: Kaio Mendonca Pereira
## Affected Components
The following components in the Fiora chat application are impacted:
- **Backend**: `packages/server/src/routes/group.ts` (group management routes)
- **Frontend**:
  - `packages/web/src/modules/Chat/GroupManagePanel.tsx` (group avatar upload interface)
  - `packages/web/src/service.ts` (API service layer)
  - `packages/web/src/components/Avatar.ts` (avatar rendering component)
## Attack Vectors
An authenticated user with creator privileges in a group can exploit this vulnerability as follows:
1. The user uploads a malicious SVG file containing embedded JavaScript via the "Change Group Avatar" functionality.
2. The malicious SVG is stored in the `/GroupAvatar/` directory.
3. When the SVG avatar is rendered by the `Avatar.tsx` component in another user's browser, the embedded JavaScript executes, enabling XSS exploitation.
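The upload-side check a hardened `group.ts` route could apply before writing anything into `/GroupAvatar/`, as an added example that is not Fiora's code: it identifies raster images by magic bytes, refuses SVG by default, and, where SVG must be allowed, flags the active-content constructs this advisory's PoC relies on (`foreignObject`, `iframe`, `on*` handlers). Function names and the sample payload are constructed for illustration.

```javascript
// Added example, not Fiora's code: validate an avatar upload before the route
// writes it into /GroupAvatar/. Names and the sample payload are constructed.
const RASTER_MAGIC = [
  { type: 'image/png',  bytes: [0x89, 0x50, 0x4e, 0x47] },
  { type: 'image/jpeg', bytes: [0xff, 0xd8, 0xff] },
  { type: 'image/gif',  bytes: [0x47, 0x49, 0x46, 0x38] },
];
// Constructs that let an SVG run script when a browser renders it inline.
const SVG_ACTIVE_CONTENT = [
  { name: 'script',         re: /<\s*script\b/i },
  { name: 'foreignObject',  re: /<\s*foreignObject\b/i },
  { name: 'iframe',         re: /<\s*iframe\b/i },
  { name: 'event-handler',  re: /\son[a-z]+\s*=/i },   // onload=, onmouseover=, ...
  { name: 'javascript-url', re: /href\s*=\s*["']?\s*javascript:/i },
];

// Identify a raster image by its leading magic bytes; null if none match.
function sniffRasterType(buf) {
  for (const { type, bytes } of RASTER_MAGIC) {
    if (buf.length >= bytes.length && bytes.every((b, i) => buf[i] === b)) return type;
  }
  return null;
}

// SVG has no fixed magic bytes, so look for an XML/SVG prologue in the head.
function looksLikeSvg(buf) {
  const head = buf.toString('utf8', 0, Math.min(buf.length, 4096)).trimStart();
  return /^(<\?xml|<!DOCTYPE\s+svg|<svg)/i.test(head) || /<svg\b/i.test(head);
}

// Names of the active-content constructs present in an SVG document.
function findActiveSvgContent(svgText) {
  return SVG_ACTIVE_CONTENT.filter(({ re }) => re.test(svgText)).map(({ name }) => name);
}

// Accept raster images; reject SVG unless allowed, and then only if it carries no active content.
function validateAvatarUpload(buf, { allowSvg = false } = {}) {
  const raster = sniffRasterType(buf);
  if (raster) return { ok: true, type: raster };
  if (!looksLikeSvg(buf)) return { ok: false, reason: 'unrecognised image format' };
  if (!allowSvg) return { ok: false, reason: 'svg uploads are not accepted' };
  const hits = findActiveSvgContent(buf.toString('utf8'));
  if (hits.length) return { ok: false, reason: 'svg contains active content', hits };
  return { ok: true, type: 'image/svg+xml' };
}

// Constructed sample shaped like the advisory's PoC: foreignObject wrapping an iframe.
const SAMPLE_SVG_POC = '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100">'
  + '<foreignObject x="0" y="0" width="100" height="100"><iframe xmlns="http://www.w3.org/1999/xhtml"'
  + ' src="https://attacker.example" onmouseover="alert(1)"></iframe></foreignObject></svg>';
console.log(validateAvatarUpload(Buffer.from(SAMPLE_SVG_POC), { allowSvg: true }));
```

Serving stored avatars from a separate origin, or with `Content-Disposition: attachment` and a restrictive Content-Security-Policy, is the complementary rendering-side mitigation for files that are already on disk.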
## Steps to Reproduce
1. **Authentication**: Log in to the Fiora chat application with valid credentials.
2. **Access Target Group**: Navigate to group management and select a group where you have creator privileges.
3. **Upload Malicious SVG**: Use the "Change Group Avatar" feature to upload a malicious SVG file with embedded JavaScript, such as:
```xml
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 100 100">
<foreignObject x="0" y="0" width="100" height="100">
<iframe xmlns="http://www.w3.org/1999/xhtml" src="https://evil.com" onmouseover="alert(document.cookie)" width="100" height="100"></iframe>
</foreignObject>
<text x="0" y="15"></text>
</svg>
```
File Snapshot
[4.0K] /data/pocs/eece55c9efba8c9322a2154328467897f2056076
└── [2.2K] README.md
0 directories, 1 file