Jump to content

Plone CMS 5.2.3 - 'Title' Stored XSS

This CHT

By This CHT,
in CHT Vulnerability database

Recommended Posts

This CHT Grand Master

This CHT

Posted
  • Group:  The leader of the
  • Content Count:  4,798
  • Achievement Points:  31,702
  • With Us For:  244 Days
  • Status:  Offline
  • Last Seen:  
  • Device:  Windows
Posted 
# Exploit Title: Plone CMS 5.2.3 - 'Title' Stored XSS
# Date: 18-03-2021
# Exploit Author: Piyush Patil
# Vendor Homepage: https://plone.com/
# Software Link: https://github.com/plone/Products.CMFPlone/tags
# Version: 5.2.3
# Tested on: Windows 10


# Reference - https://github.com/plone/Products.CMFPlone/issues/3255

Steps to reproduce the issue:
1- Goto https://localhost/ where Plone 5.2.3 version is installed.
2- Click on "Log in now" and Login as "Manager"
3- Navigate to Manager=>Site Setup=>Site
4- Edit "Site title" field to "xyz<ScRiPt>alert(1)</ScRiPt>"
Link to comment
Share on other sites
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...