Hello, I think I found a vulnerability.
This vulnerability consists of a function called showAlert() in the administration panel of Bludit that, when accessed in the DOM, allows users to define the text to be popped up in the message box. But this function doesn't have any sanitization, and the user can inject any JavaScript and HTML code into the page.
The payload used was: showAlert("<script>alert(1)</script>");
The version that I tested was Bludit 3.x. I'll check the old ones for a more in-depth report.
Thank you.
https://github.com/gh0st56/bludit-DOM-xss
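An added illustration of the pattern the report describes, not part of the original issue and not Bludit's code: a message helper that writes its argument into the page as HTML, beside a version that treats it as text. The element id `alert`, the function names and the small DOM stand-in (there so the sketch runs under Node) are assumptions.

```javascript
// Added sketch; not Bludit's source. Names and the element id are assumed.

// Encode characters that would let text be parsed as markup.
// (A browser escapes only & < > when serialising a text node; escaping
// quotes as well is harmless and also covers attribute contexts.)
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Unsafe pattern: the message is handed to the HTML parser unchanged.
function showAlertUnsafe(doc, text) {
  const box = doc.getElementById('alert');
  box.innerHTML = text;
  return box;
}

// Hardened pattern: the message is data and is never parsed as markup.
function showAlertSafe(doc, text) {
  const box = doc.getElementById('alert');
  box.textContent = String(text);
  return box;
}

// Minimal stand-in for a document: innerHTML stores markup verbatim,
// textContent stores the value as an encoded text node.
function makeFakeDocument() {
  const el = {
    _html: '',
    get innerHTML() { return this._html; },
    set innerHTML(v) { this._html = String(v); },
    set textContent(v) { this._html = escapeHtml(v); },
  };
  return { getElementById: (id) => (id === 'alert' ? el : null) };
}

// Run the string from the report through both helpers and compare markup.
function compare(payload) {
  return {
    unsafe: showAlertUnsafe(makeFakeDocument(), payload).innerHTML,
    safe: showAlertSafe(makeFakeDocument(), payload).innerHTML,
  };
}
```

In a browser the same two functions work against the real `document`; only `makeFakeDocument` is specific to running the sketch offline.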