CVE-2021-35323
Published 2021-10-19
CVE-2021-35323: Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login.
Priority P3 · 40 · medium · 6.1 (CVSS 3.1)
CVSS 3.1 vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EXPLOIT
EPSS: 5.62% (92.0th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bludit | bludit | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
No detection rules found.
Exploit-DB
Bludit 3.13.1 - 'username' Cross Site Scripting (XSS)
exploitdb · 2021-11-17 · CVSS 6.1
CVE-2021-35323 [MEDIUM] Bludit 3.13.1 - 'username' Cross Site Scripting (XSS)
---
# Exploit Title: Bludit 3.13.1 - 'username' Cross Site Scripting (XSS)
# Date: 19/10/2021
# Exploit Author: Vasu (tamilan_mkv)
# Vendor Homepage: https://www.bludit.com
# Software Link: https://www.bludit.com/releases/bludit-3-13-1.zip
# Version: bludit-3-13-1
# Tested on: kali linux
# CVE : CVE-2021-35323
### Steps to reproduce
1. Open the login page http://localhost:800/admin/login;
2. In the username field, enter ``admin">`` and enter the password
3. Trigger the malicious JavaScript code
Nuclei
Bludit 3.13.1 - Cross Site Scripting
nuclei · CVSS 6.1
CVE-2021-35323 [MEDIUM] Bludit 3.13.1 - Cross Site Scripting
Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login
Template:

```yaml
id: CVE-2021-35323

info:
  name: Bludit 3.13.1 - Cross Site Scripting
  author: r3Y3r53
  severity: medium
  description: |
    Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login
  impact: |
    Attackers can inject malicious JavaScript via XSS in the username field, potentially stealing administrator session cookies or performing administrative actions.
  remediation: Bludit v4.0.0
  reference:
    - https://github.com/bludit/bludit/issues/1327
    - https://nvd.nist.gov/vuln/detail/CVE-2021-35323
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
```
Published 2021-10-19