CVE-2021-45745: GitHub - plsanu/Bludit-3.13.1-About-Plugin-Stored-Cross-Site-Scripting-XSS: Bludit 3.13.1 - About Plugin Stored Cross Site Scripting (XSS)

Bludit 3.13.1 - About Plugin Stored Cross Site Scripting (XSS)

Bludit 3.13.1 - About Plugin Stored Cross Site Scripting (XSS)

Exploit Title: Bludit 3.13.1 - About Plugin Stored Cross Site Scripting (XSS)****Date: 20/12/2021****Exploit Author: P.L.Sanu****Exploit Author Website: https://www.plsanu.com****Vendor Homepage: https://www.bludit.com****Software Link: https://www.bludit.com/releases/bludit-3-13-1.zip****Version: <= 3.13.1****Tested on: Windows 10****CVE :****Google Dork: N/A****Reference:

• https://www.plsanu.com/bludit-3-13-1-about-plugin-stored-cross-site-scripting-xss
• https://github.com/plsanu/Bludit-3.13.1-About-Plugin-Stored-Cross-Site-Scripting-XSS

Steps to Reproduce:

1. Login to the admin panel http://localhost/admin
2. Navigate to Themes section.
3. Activate the Blog X theme.
4. Navigate to plugins section.
5. In About plugin click the Settings button.
6. Inject the payload "><script>alert(“XSS”)</script> in About section.
7. Click on Save button.
8. Visit the site.
9. Malicious javascript code triggered.