cross site script (xss) #1327
Comments
I can confirm the security problem on my install. Thanks for the heads up! A quick and dirty fix is to add: and then use
Can you assign a new CVE for this report?
Fixed for Bludit v4. https://github.com/bludit/bludit/blob/v4.0/bl-kernel/admin/views/login.php#L42
It can be made simpler by changing
Describe your problem
I found a cross-site scripting attack on the login page http://localhost:800/admin/login.
Cross-site scripting is a vulnerability that allows an attacker to send malicious code (usually in JavaScript form) to another user. Because a browser cannot know if the script should be trusted or not, it will execute the script in the user's context, allowing the attacker to access any cookies or session tokens retained by the browser.
Steps to reproduce the problem
admin"><img src=x onerror=alert(1)> and enter password
Bludit version
bludit-3-13-1
PHP version
PHP 7.4.15
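As an added illustration (not Bludit's code and not the linked v4 fix), a minimal PHP login view that reflects the submitted username the way the report describes, next to a hardened version that encodes it for the HTML attribute context; the function names and the sample input are constructed for this example:

```php
<?php
// Added example, not Bludit's code. The vulnerable pattern: the submitted
// username is echoed straight back into the value="" attribute so the form
// keeps what the user typed after a failed login. A double quote in the
// input closes the attribute, and whatever follows is parsed as markup.
function renderUsernameFieldVulnerable(string $username): string
{
    return '<input type="text" name="username" value="' . $username . '">';
}

// Hardened version: encode for the HTML attribute context. ENT_QUOTES encodes
// both ' and " (so the attribute cannot be closed early), ENT_HTML5 selects the
// HTML5 entity table, and UTF-8 is passed explicitly so the result does not
// depend on the default_charset ini setting.
function escapeAttr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function renderUsernameFieldSafe(string $username): string
{
    return '<input type="text" name="username" value="' . escapeAttr($username) . '">';
}

// Constructed input containing the characters an attribute break-out needs.
$submitted = 'admin"><b>injected</b>';

echo renderUsernameFieldVulnerable($submitted), PHP_EOL;
echo renderUsernameFieldSafe($submitted), PHP_EOL;

// Self-check: after encoding, none of the characters that can end the
// attribute or open a tag may remain in the value.
if (strpbrk(escapeAttr($submitted), "\"'<>") !== false) {
    throw new RuntimeException('escapeAttr left an unsafe character in place');
}
```

The same encoding belongs on every place the login view reflects request data, including the error message shown after a failed attempt.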