Badaso is Uasoft open source an open source Laravel Vue headless CMS. Badosa v2.9.7 version of the cross-site scripting vulnerability , the vulnerability stems from the application of the user-supplied data lack of effective filtering and escaping , an attacker can exploit the vulnerability through a well-designed payload through the new book and edit book function in the title parameter to execute arbitrary code .