Blog LITE 2.1 - Stored XSS

CVE Category Price Severity
CVE-2020-1803 CWE-79 $500 High
Author Risk Exploitation Type Date
Unknown Critical Remote 2023-06-19

CVSS vector description

Our sensors found this exploit at:

Below is a copy:

Blog LITE 2.1 - Stored XSS
Author   : CraCkEr
Website  :
Vendor   : NetArt Media
Software : Blog LITE 2.1
Vuln Type: Stored XSS
Impact   : Manipulate the content of the site

Release Notes:

Allow Attacker to inject malicious code into website,
give ability to steal sensitive information,
manipulate data, and launch additional attacks.


The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL, MoizSid09
CryptoJob (Twitter)

## Stored XSS

POST /blog/index.php HTTP/2

Content-Disposition: form-data; name="title"

[XSS Payload]
Content-Disposition: form-data; name="content"

Content-Disposition: form-data; name="author"

[XSS Payload]
Content-Disposition: form-data; name="email"


## Steps to Reproduce:

1. Visit Any Category on the Blog
2. Write a comment (as Guest)
3. Inject your [XSS Payload] in "Comment Title"
4. Inject your [XSS Payload] in "Your Name"
5. Submit

6. By default the Blog Disable your comment for Admin Check
7. Admin Check the [BLOG POSTS] in the Administration Panel on this Path (https://website/blog/admin/index.php?page=posts)
8. When the Admin check the comments on this Path (https://website/blog/admin/index.php?page=comments&id=2)
9. XSS Will Fire and Executed on his Browser

[-] Done

 CraCkEr 2023

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.