Batflat CMS 1.3.6 Cross Site Scripting ≈ Packet Storm – Digitalmunition




Exploit/Advisories no-image-featured-image.png

Published on February 23rd, 2021 📆 | 3491 Views ⚑

0

Batflat CMS 1.3.6 Cross Site Scripting ≈ Packet Storm

# Exploit Title: Batflat CMS 1.3.6 – ‘multiple’ Stored XSS
# Date: 22/02/2021
# Exploit Author: Tadjmen
# Vendor Homepage: https://batflat.org/
# Software Link: https://github.com/sruupl/batflat/archive/master.zip
# Version: 1.3.6
# Tested on: Xammpp on Windows, Firefox Newest
# CVE : N/A

Multiple Stored XSS Cross-Site Scripting on Batflat CMS 1.3.6

Login with editor account with rights to Navigation, Galleries, Snippets

Navigation
– Add link
payload: “>

Galleries
– Add gallery
payload: mlem”>

Snippets
– Add Snippets
payload: mlem”>

More information:
https://github.com/sruupl/batflat/issues/105

Source link

Tagged with:



Leave a Reply