bludit / bludit

Simple, Fast, Secure, Flat-File CMS
https://www.bludit.com
MIT License

Stored XSS in bludit v3.9.2 #1078

Closed. gh0stGM closed this issue 5 years ago.

gh0stGM commented 5 years ago

Vulnerability

Bludit v3.9.2 is vulnerable to a stored XSS vulnerability in Categories -> Add New Category -> Name parameter.

Steps to reproduce the problem

Go to Categories -> Add New Category and insert the following payload in [Name] Parameter:

![image](https://user-images.githubusercontent.com/53895017/63916310-c0b5e100-ca6a-11e9-919c-51cdf02b1db2.png)

![image](https://user-images.githubusercontent.com/53895017/63916352-d2978400-ca6a-11e9-8843-782fc7d3ff8d.png)

dignajar commented 5 years ago

Similar issue, different fields: https://github.com/bludit/bludit/issues/1066. Pull requests with the fix are welcome.
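
As an added illustration of the defect class and the fix the maintainer asks for (example code written for this page, not Bludit's own PHP, with constructed sample names since the reporter's payload is only visible in the screenshots): a stored category name is rendered into a link, once raw and once escaped per output context, plus an audit helper that flags already-stored names containing markup.

```python
import html
import re
from urllib.parse import quote

# Constructed sample category names (not taken from the issue).
SAMPLE_NAMES = ["Security", "News & Events", "<script>alert(1)</script>"]


def render_category_vulnerable(name: str) -> str:
    """The pattern behind the report: the stored name is interpolated raw into HTML."""
    return f'<a href="/category/{name}">{name}</a>'


def render_category_hardened(name: str) -> str:
    """Escape per context: percent-encode the name where it becomes a URL path
    segment, and HTML-escape it where it becomes attribute or text content.
    Storing the raw name is fine; the browser must never see it unescaped."""
    slug = quote(name, safe="")
    return (
        f'<a href="/category/{html.escape(slug, quote=True)}">'
        f"{html.escape(name, quote=True)}</a>"
    )


# Characters that have no business in a category name and that an XSS payload needs.
_MARKUP = re.compile(r"[<>\"']|javascript:", re.IGNORECASE)


def contains_markup(name: str) -> bool:
    """Input-side check, useful for auditing names already stored by a vulnerable
    version. It complements output escaping and does not replace it."""
    return bool(_MARKUP.search(name))


def audit(names):
    """Return the stored names that look like injected markup."""
    return [n for n in names if contains_markup(n)]


if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        print(render_category_vulnerable(n))
        print(render_category_hardened(n))
    print("suspicious:", audit(SAMPLE_NAMES))
```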

tronghoang89 commented 1 year ago

Hello everyone, I have Bludit v3.9.2 to research the cve-2016-16113 vulnerability. And now, when I follow the settings, it looks like that; am I installing it correctly, or is it wrong? Can someone explain or help me?