
CVE-2020-13889. The admin page of Bludit has an XSS in the showAlert() function, which does not sanitize user input and so allows malicious code to be executed.

gh0st56/CVE-2020-13889

Author: Andre k Lorenci Contact: avlorenci@gmail.com

CVE-2020-13889

Hello, this vulnerability consists in a function called showAlert() in the administration panel of Bludit that, when accessed from the DOM, allows users to define the text to be popped up in the message box. This function does not perform any sanitization, so the user can inject arbitrary JavaScript or even HTML into the page.

To demonstrate what this function returns, I used the browser's web developer tools to pass an XSS payload as the argument of that function.

XSS in admin page

The payload used was: showAlert("<script>alert(1)</script>");

The version I tested was Bludit 3.x.
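To make the reported sink and its fix concrete, here is an added illustrative model (not Bludit's own code) of a showAlert()-style function in two forms: one that interpolates the message verbatim, as the report describes, and one that HTML-escapes it first. The function names, the wrapper markup and the escaping helper are assumptions; in a real DOM the equivalent fix is to assign the message with textContent rather than innerHTML.

```javascript
// Constructed model of the showAlert() sink described in CVE-2020-13889.
// Each variant returns the markup string it would hand to innerHTML, so the
// behaviour can be checked under Node without a browser DOM.

// Escape the characters that let text break out of an HTML text node or attribute.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern (assumed): the caller's message is inserted unchanged,
// so any tags inside it are parsed and, for <script> or event handlers, executed.
function showAlertUnsafe(message) {
  return `<div class="alert">${message}</div>`;
}

// Hardened pattern: the message is escaped, so it renders as literal text.
function showAlertSafe(message) {
  return `<div class="alert">${escapeHtml(message)}</div>`;
}

// Check helper: after stripping the known wrapper, does any tag remain that
// must have come from the message? Useful as a unit-test guard on the sink.
function containsInjectedTag(html) {
  const inner = html
    .replace(/^<div class="alert">/, "")
    .replace(/<\/div>$/, "");
  return /<\s*\/?\s*[a-zA-Z]/.test(inner);
}

// The string from the report, used here as sample input.
const PAYLOAD = "<script>alert(1)</script>";

module.exports = { escapeHtml, showAlertUnsafe, showAlertSafe, containsInjectedTag, PAYLOAD };
```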

Thank you.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13889
