Termix has a Stored XSS in File Manager leading to Local File Inclusion (LFI) in Electron and Session Hijacking in Browser
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, Stored Cross-Site Scripting (XSS) vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. This allows an attacker who has compromised a managed SSH server to plant a malicious file, which, when previewed by the Termix user, executes arbitrary JavaScript in the context of the application. The vulnerability is located in src/ui/desktop/apps/file-manager/components/FileViewer.tsx. This vulnerability is fixed in 1.10.0.
Problem Types
| Type | CWE ID | Description |
|---|
| CWE | CWE-269 | CWE-269: Improper Privilege Management |
| CWE | CWE-79 | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
Type: CWE
Description: CWE-269: Improper Privilege Management
Type: CWE
Description: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
| Version | Base score | Base severity | Vector |
|---|
| 3.1 | 8.0 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N |
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N