Paweł Klockiewicz Batflat CMS 跨站脚本漏洞

Batflat is a simple, lightweight content management system CMS. A cross-site scripting vulnerability exists in Snippets in Batflat 1.3.6, which can be exploited by a remote attacker to inject arbitrary web script or HTML via a field name...

CVE-2020-35734

Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection and consequently Remote Code Execution via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data username, displayed name, etc.. NOTE: This...