Bludit 3.13.1 – About Plugin Stored Cross Site Scripting (XSS)
Exploit Title: Bludit 3.13.1 – About Plugin Stored Cross Site Scripting (XSS)
Exploit Author: P.L.Sanu
CVSS: 5.4 MEDIUM
1. Log in to the admin panel at http://localhost/admin
2. Navigate to the Themes section.
3. Activate the Blog X theme.
4. Navigate to the Plugins section.
5. In the About plugin, click the Settings button.
6. Inject the payload below into the About section.
7. Click the Save button.
8. Visit the site.
It is recommended to sanitize all the input fields throughout the application.
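One way to apply this recommendation to a stored plugin field, shown as an added example that is not Bludit's own code or the author's: the value is normalized when saved and HTML-encoded when the theme renders it. The function names, the widget markup and the sample text are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not taken from the Bludit source.

// On save: the About text is treated as plain text, so strip control
// characters and cap the length before it is written to storage.
function normalizeAboutText(string $raw, int $maxLen = 2000): string
{
    // preg_replace() returns null on invalid UTF-8; fall back to an empty string.
    $text = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/u', '', $raw) ?? '';
    return mb_substr(trim($text), 0, $maxLen, 'UTF-8');
}

// On output: whatever was stored is emitted as text, never as markup.
// Encoding here also covers values saved before the fix was deployed.
function renderAboutWidget(string $label, string $storedText): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    $label = htmlspecialchars($label, $flags, 'UTF-8');
    // Encode first, then turn newlines into <br> so line breaks survive.
    $body  = nl2br(htmlspecialchars($storedText, $flags, 'UTF-8'), false);

    // Hypothetical sidebar markup for the widget.
    return "<div class=\"plugin plugin-about\">\n"
         . "  <h2 class=\"plugin-label\">{$label}</h2>\n"
         . "  <div class=\"plugin-content\">{$body}</div>\n"
         . "</div>\n";
}

// Constructed sample: markup typed into the settings field.
$stored = normalizeAboutText(
    "Hi, I'm <b>Sam</b> & I write about \"security\".\nSecond line."
);
$html = renderAboutWidget('About', $stored);
echo $html;

// Regression check: the stored markup must reach the page as inert text.
if (strpos($html, '<b>') !== false
    || strpos($html, '&lt;b&gt;Sam&lt;/b&gt;') === false) {
    throw new RuntimeException('About text was not HTML-encoded on output');
}
```

Encoding at the point of output is the control that prevents the stored value from executing in a visitor's browser; the save-time normalization only limits what gets stored.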