GitHub - gh0st56/CVE-2020-13889: CVE-2020-13889. The admin page of bludit have an XSS in the showAlert() function that dont sanitize user input leading them to execute an malicious code.

Author: Andre k Lorenci Contact: avlorenci@gmail.com

CVE-2020-13889

Hello, this vulnerability consists in a function called showAlert() in the administration panel of bludit,that when accessed in DOM, allows users define the text to be popped up in the message box. But this function dont have any sanatization and the user can inject any javascript code or even HTML in the page

To demonstrate this function return I used the web development toolkit to pass a XSS code as argument of that function.

the payload used was: showAlert("<script>alert(1)</script>");

The versions that i tested was the Bludit 3.x.

Thank you.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13889

Name		Name	Last commit message	Last commit date
Latest commit History 11 Commits
Scanner		Scanner
LICENSE		LICENSE
README.md		README.md
xss-bludit.jpg		xss-bludit.jpg

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Scanner

Scanner

LICENSE

LICENSE

README.md

README.md

xss-bludit.jpg

xss-bludit.jpg

Repository files navigation

About

Releases

Packages

Languages

License

gh0st56/CVE-2020-13889

Folders and files

Latest commit

History

Repository files navigation

About

Resources

License

Stars

Watchers

Forks

Languages