Description
Fiora......................................................
Basic Information
ID
PACKETSTORM:210055
Published
Oct 1, 2025 at 00:00
Affected Product
Affected Versions
# CVE-2025-56514: Cross Site Scripting (XSS) Vulnerability in Fiora Chat Application
## Overview
A Cross Site Scripting (XSS) vulnerability, identified as **CVE-2025-56514**, affects the Fiora chat application version 1.0.0. This vulnerability allows an authenticated user to execute arbitrary JavaScript in the context of another user's browser by uploading a malicious SVG file through the group avatar change functionality.
## Vulnerability Details
- **Vulnerability Type**: Cross Site Scripting (XSS)
- **Attack Type**: Remote
- **Impact**: Code Execution
- **Affected Product Code Base**: Fiora 1.0.0
- **Vendor**: suisuijiang
- **Discoverer**: Kaio Mendonca Pereira
## Affected Components
The following components in the Fiora chat application are impacted:
- **Backend**: `packages/server/src/routes/group.ts` (group management routes)
- **Frontend**:
- `packages/web/src/modules/Chat/GroupManagePanel.tsx` (group avatar upload interface)
- `packages/web/src/service.ts` (API service layer)
- `packages/web/src/components/Avatar.ts` (avatar rendering component)
## Attack Vectors
An authenticated user with creator privileges in a group can exploit this vulnerability by:
1. Uploading a malicious SVG file containing embedded JavaScript via the "Change Group Avatar" functionality.
2. The malicious SVG is stored in the `/GroupAvatar/` directory.
3. When the SVG avatar is rendered by the `Avatar.tsx` component in another user's browser, the embedded JavaScript executes, enabling XSS exploitation.
## Steps to Reproduce
1. **Authentication**: Log in to the Fiora chat application with valid credentials.
2. **Access Target Group**: Navigate to group management and select a group where you have creator privileges.
3. **Upload Malicious SVG**: Use the "Change Group Avatar" feature to upload a malicious SVG file with embedded JavaScript, such as:
```xml
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 100 100">
<foreignObject x="0" y="0" width="100" height="100">
<iframe xmlns="http://www.w3.org/1999/xhtml" src="https://evil.com" onmouseover="alert(document.cookie)" width="100" height="100"></iframe>
</foreignObject>
<text x="0" y="15"></text>
</svg>
## Overview
A Cross Site Scripting (XSS) vulnerability, identified as **CVE-2025-56514**, affects the Fiora chat application version 1.0.0. This vulnerability allows an authenticated user to execute arbitrary JavaScript in the context of another user's browser by uploading a malicious SVG file through the group avatar change functionality.
## Vulnerability Details
- **Vulnerability Type**: Cross Site Scripting (XSS)
- **Attack Type**: Remote
- **Impact**: Code Execution
- **Affected Product Code Base**: Fiora 1.0.0
- **Vendor**: suisuijiang
- **Discoverer**: Kaio Mendonca Pereira
## Affected Components
The following components in the Fiora chat application are impacted:
- **Backend**: `packages/server/src/routes/group.ts` (group management routes)
- **Frontend**:
- `packages/web/src/modules/Chat/GroupManagePanel.tsx` (group avatar upload interface)
- `packages/web/src/service.ts` (API service layer)
- `packages/web/src/components/Avatar.ts` (avatar rendering component)
## Attack Vectors
An authenticated user with creator privileges in a group can exploit this vulnerability by:
1. Uploading a malicious SVG file containing embedded JavaScript via the "Change Group Avatar" functionality.
2. The malicious SVG is stored in the `/GroupAvatar/` directory.
3. When the SVG avatar is rendered by the `Avatar.tsx` component in another user's browser, the embedded JavaScript executes, enabling XSS exploitation.
## Steps to Reproduce
1. **Authentication**: Log in to the Fiora chat application with valid credentials.
2. **Access Target Group**: Navigate to group management and select a group where you have creator privileges.
3. **Upload Malicious SVG**: Use the "Change Group Avatar" feature to upload a malicious SVG file with embedded JavaScript, such as:
```xml
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 100 100">
<foreignObject x="0" y="0" width="100" height="100">
<iframe xmlns="http://www.w3.org/1999/xhtml" src="https://evil.com" onmouseover="alert(document.cookie)" width="100" height="100"></iframe>
</foreignObject>
<text x="0" y="15"></text>
</svg>