A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover This issue affects MagicINFO 9 Server: less than 21.1090.1.
The vulnerability classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) consists of the lack of proper verification of uploaded file types. A logged-in user can upload an HTML file containing a malicious JavaScript script to the server, which is permanently saved on the server (Stored XSS). When another user — including an administrator — opens or is directed to the malicious content, the script executes in their browser in the context of the application.
An attacker can hijack the session or account of another system user, including an account with administrative privileges. This can lead to full compromise of the Samsung MagicINFO 9 Server instance.
Samsung MagicINFO 9 Server should be updated to version 21.1090.1 or later. Detailed information is available in the manufacturer's security bulletin at: https://security.samsungtv.com/securityUpdates
Samsung MagicINFO 9 Server in versions earlier than 21.1090.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSamsung Magicinfo 9 Server
APPSamsung< 21.1090.1
Related vulnerabilities
Path Traversal w Samsung MagicINFO 9 Server — zapis plików jako SYSTEM
Zakodowane na stałe dane logowania do bazy danych w Samsung MagicINFO 9 Server
Path Traversal w Samsung MagicINFO 9 Server umożliwia wgranie web shell
Samsung MagicINFO 9 Server — nieograniczony upload pliku umożliwia Code Injection
Samsung MagicINFO 9 Server — nieograniczony upload pliku umożliwia Code Injection