This CHT Posted November 4, 2022 Group: The leader of the Content Count: 4,798 Achievement Points: 31,700 With Us For: 236 Days Status: Offline Last Seen: May 19 Device: Windows Share Posted November 4, 2022 # Exploit Title: Textpattern CMS 4.8.4 - 'Comments' Persistent Cross-Site Scripting (XSS) # Date: 2021-03-04 # Exploit Author: Tushar Vaidya # Vendor Homepage: https://textpattern.com # Software Link: https://textpattern.com/start # Version: v 4.8.4 # Tested on: Windows Steps-To-Reproduce: 1. Login into Textpattern CMS admin panel. 2. Now go to the *Content > C**omments > Message*. 3. Now paste the below payload in the URL field. Ba1man”><img src=x onerror=confirm(document.location)> 4. Now click on the *Save* button. 5. Now go to the https://site.com/articles/welcome-to-your-site#comments-head 5. The XSS will be triggered. Link to comment Share on other sites More sharing options...
Recommended Posts