43 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in Galleries in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Navigation in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Snippets in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name...
CVE-2021-27679
CVE-2021-27679 is an XSS vulnerability in Batflat CMS 1.3.6, specifically in the Navigation functionality. The issue allows remote attackers to inject arbitrary web script or HTML via the field name, enabling script execution in contexts where the affected page is viewed by other users. The conne...
CVE-2021-27679
Cross-site scripting (XSS) vulnerability in Navigation in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name...
CVE-2021-27678
Cross-site scripting (XSS) vulnerability in Snippets in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name...
CVE-2021-27678
CVE-2021-27678 affects Batflat CMS 1.3.6 (Snippets) with a Cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the field name. Exploitation details, affected versions beyond 1.3.6, and remediation steps are not provided in the supplied ...
CVE-2021-27677
Cross-site scripting (XSS) vulnerability in Galleries in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name...
CVE-2021-27677
CVE-2021-27677 is an XSS vulnerability in the Batflat CMS 1.3.6 Galleries component. The issue allows remote attackers to inject arbitrary web script or HTML via the field name, indicating improper input handling in the Galleries module. Affected software is Batflat CMS (Galleries) v1.3.6; root c...
Batflat CMS Cross-Site Scripting Vulnerability
Batflat is a simple, lightweight content management system (CMS). A cross-site scripting vulnerability exists in Galleries in Batflat 1.3.6. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via field names...
Paweł Klockiewicz Batflat CMS Cross-Site Scripting Vulnerability
Batflat is a simple, lightweight content management system (CMS). A cross-site scripting vulnerability exists in Snippets in Batflat 1.3.6, which can be exploited by a remote attacker to inject arbitrary web script or HTML via a field name...
Paweł Klockiewicz Batflat CMS Cross-Site Scripting Vulnerability
Batflat is a simple, lightweight content management system (CMS). A cross-site scripting vulnerability exists in "Navigation" in Batflat 1.3.6, which can be exploited by remote attackers to inject arbitrary web script or HTML via a field name...
Batflat CMS 1.3.6 Cross Site Scripting
Exploit Title: Batflat CMS 1.3.6 - 'multiple' Stored XSS Date: 22/02/2021 Exploit Author: Tadjmen Vendor Homepage: https://batflat.org/ Software Link: https://github.com/sruupl/batflat/archive/master.zip Version: 1.3.6 Tested on: XAMPP on Windows, Firefox Newest CVE : N/A Multiple Stored XSS...
Batflat CMS 1.3.6 - multiple Stored XSS Vulnerabilities
Exploit Title: Batflat CMS 1.3.6 - 'multiple' Stored XSS Exploit Author: Tadjmen Vendor Homepage: https://batflat.org/ Software Link: https://github.com/sruupl/batflat/archive/master.zip Version: 1.3.6 Tested on: XAMPP on Windows, Firefox Newest CVE : N/A Multiple Stored XSS Cross-Site Scripting...
Batflat CMS 1.3.6 - 'multiple' Stored XSS
Exploit Title: Batflat CMS 1.3.6 - 'multiple' Stored XSS Date: 22/02/2021 Exploit Author: Tadjmen Vendor Homepage: https://batflat.org/ Software Link: https://github.com/sruupl/batflat/archive/master.zip Version: 1.3.6 Tested on: XAMPP on Windows, Firefox Newest CVE : N/A Multiple Stored XSS...
Batflat CMS 1.3.6 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Batflat CMS 1.3.6 - Remote Code Execution (Authenticated) Exploit Author: mari0x00 Vendor Homepage: https://batflat.org/ Software Link: https://github.com/sruupl/batflat/archive/master.zip Description:...
CVE-2020-35734
Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection and consequently Remote Code Execution via the input fields of the Users tab. To exploit this, one must log in to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This...
CVE-2020-35734
Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection and consequently Remote Code Execution via the input fields of the Users tab. To exploit this, one must log in to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This...
Code injection
Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection and consequently Remote Code Execution via the input fields of the Users tab. To exploit this, one must log in to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This...
CVE-2020-35734
Batflat CMS 1.3.6 is vulnerable to authenticated code injection leading to Remote Code Execution via input fields on the Users tab. Exploitation requires login to the admin panel and editing another user’s data (e.g., username or display name). Affected product/version: Batflat 1.3.6; vendor note...