Vendor: Bludit
By: Vasu (tamilan_mkv)
CVSS: 6.1 (MEDIUM)
CWE: 79 (Cross Site Scripting (XSS))
Product Name: Bludit
Affected Version From: 3.13.1
Affected Version To: 3.13.1
Patch Exists: YES
Related CVE: CVE-2021-35323
CPE: a:bludit:bludit:3.13.1
Metasploit:
Other Scripts:
Platforms Tested: Kali Linux
Year: 2021

Bludit 3.13.1 – ‘username’ Cross Site Scripting (XSS)

Bludit 3.13.1 is vulnerable to Cross Site Scripting (XSS) through the username field of its login page. A specially crafted username submitted on the login page is reflected into the page, and the script it carries is executed in the browser of the user who submitted it.

Mitigation:

All user input should be properly validated, and sanitized or encoded before it is rendered back into a page by the application. A patch exists for this issue, so affected installations should be updated.
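The pattern behind this class of bug and its fix, shown as an added PHP illustration that is not Bludit's own code: the submitted username is written into the login form's value attribute, so a double quote in it ends the attribute and the remainder is parsed as markup; encoding for the attribute context removes that. The function names and the rendered markup are hypothetical.

```php
<?php
// Added example, not from the Bludit code base. It contrasts an unescaped
// reflection of the username into an HTML attribute with a context-aware
// encoded one, using the username from the advisory's reproduction steps.

// Vulnerable pattern: the submitted username is echoed straight into value="...".
function renderLoginFieldVulnerable(string $username): string
{
    return '<input type="text" name="username" value="' . $username . '">';
}

// Hardened pattern: encode for the HTML attribute context. ENT_QUOTES converts
// both " and ' so the value can never close the attribute or the tag.
function renderLoginFieldSafe(string $username): string
{
    $encoded = htmlspecialchars($username, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="username" value="' . $encoded . '">';
}

// Simple check usable in a unit test: a correctly encoded field renders as
// exactly one tag, however hostile the username is.
function containsSingleTag(string $html): bool
{
    return preg_match_all('/<[a-zA-Z]/', $html) === 1;
}

// Constructed input: the username from the advisory's steps to reproduce.
$payload = 'admin"><img src=x onerror=alert(1)>';

$vulnerable = renderLoginFieldVulnerable($payload);
$safe       = renderLoginFieldSafe($payload);

echo $vulnerable, PHP_EOL; // the attribute ends after "admin"; a second tag follows
echo $safe, PHP_EOL;       // the whole username stays inside the quoted attribute

var_dump(containsSingleTag($vulnerable)); // more than one tag: the breakout succeeded
var_dump(containsSingleTag($safe));       // a single tag: the encoding held
```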

Exploit-DB raw data:

# Exploit Title: Bludit 3.13.1 - 'username' Cross Site Scripting (XSS)
# Date: 19/10/2021
# Exploit Author: Vasu (tamilan_mkv)
# Vendor Homepage: https://www.bludit.com
# Software Link: https://www.bludit.com/releases/bludit-3-13-1.zip
# Version: bludit-3-13-1
# Tested on: kali linux
# CVE : CVE-2021-35323

### Steps to reproduce

1. Open the login page http://localhost:800/admin/login
2. In the username field, enter ``admin"><img src=x onerror=alert(1)>`` and enter the password
3. The malicious JavaScript code is triggered