![$site['alt']](/img/irfan-toor-32-dark.jpeg)
Irfan TOOR Plone CMS 5.2.3 - 'Title' Stored XSS
Author: Piyush Patil type: webapps platform: multiple port: date_added: 2021-03-19 date_updated: 2021-03-19 verified: 0 codes: tags: aliases: screenshot_url: application_url: raw file: 49668.txt
# Exploit Title: Plone CMS 5.2.3 - 'Title' Stored XSS # Date: 18-03-2021 # Exploit Author: Piyush Patil # Vendor Homepage: https://plone.com/ # Software Link: https://github.com/plone/Products.CMFPlone/tags # Version: 5.2.3 # Tested on: Windows 10 # Reference - https://github.com/plone/Products.CMFPlone/issues/3255 Steps to reproduce the issue: 1- Goto https://localhost/ where Plone 5.2.3 version is installed. 2- Click on "Log in now" and Login as "Manager" 3- Navigate to Manager=>Site Setup=>Site 4- Edit "Site title" field to "xyz<ScRiPt>alert(1)</ScRiPt>"