# Exploit Title: Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS)(Authenticated)# Date: 2023-04-15# Exploit Author: Rahad Chowdhury# Vendor Homepage: https://www.bludit.com/# Software Link: https://github.com/bludit/bludit/releases/tag/3.14.1# Version: 3.14.1# Tested on: Windows 10, PHP 7.4.29, Apache 2.4.53# CVE: CVE-2023-31698SVG Payload-------------save this SVG file xss.svgSteps to Reproduce:1. At first login your admin panel.2. then go to setting and click logo