Share
## https://sploitus.com/exploit?id=PACKETSTORM:210055
# CVE-2025-56514: Cross Site Scripting (XSS) Vulnerability in Fiora Chat Application
    
    ## Overview
    A Cross Site Scripting (XSS) vulnerability, identified as **CVE-2025-56514**, affects the Fiora chat application version 1.0.0. This vulnerability allows an authenticated user to execute arbitrary JavaScript in the context of another user's browser by uploading a malicious SVG file through the group avatar change functionality.
    
    ## Vulnerability Details
    - **Vulnerability Type**: Cross Site Scripting (XSS)
    - **Attack Type**: Remote
    - **Impact**: Code Execution
    - **Affected Product Code Base**: Fiora 1.0.0
    - **Vendor**: suisuijiang
    - **Discoverer**: Kaio Mendonca Pereira
    
    ## Affected Components
    The following components in the Fiora chat application are impacted:
    - **Backend**: `packages/server/src/routes/group.ts` (group management routes)
    - **Frontend**:
      - `packages/web/src/modules/Chat/GroupManagePanel.tsx` (group avatar upload interface)
      - `packages/web/src/service.ts` (API service layer)
      - `packages/web/src/components/Avatar.ts` (avatar rendering component)
    
    ## Attack Vectors
    An authenticated user with creator privileges in a group can exploit this vulnerability by:
    1. Uploading a malicious SVG file containing embedded JavaScript via the "Change Group Avatar" functionality.
    2. The malicious SVG is stored in the `/GroupAvatar/` directory.
    3. When the SVG avatar is rendered by the `Avatar.tsx` component in another user's browser, the embedded JavaScript executes, enabling XSS exploitation.
    
    ## Steps to Reproduce
    1. **Authentication**: Log in to the Fiora chat application with valid credentials.
    2. **Access Target Group**: Navigate to group management and select a group where you have creator privileges.
    3. **Upload Malicious SVG**: Use the "Change Group Avatar" feature to upload a malicious SVG file with embedded JavaScript, such as:
       ```xml
       <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 100 100">
           <foreignObject x="0" y="0" width="100" height="100">
               <iframe xmlns="http://www.w3.org/1999/xhtml" src="https://evil.com" onmouseover="alert(document.cookie)" width="100" height="100"></iframe>
           </foreignObject>
           <text x="0" y="15"></text>
       </svg>