WinterCMS 1.2.3 Cross Site Scripting
2023-12-7 22:17:33 Author: packetstormsecurity.com

# Exploit Title: Stored XSS in WinterCMS 1.2.3 Plugin Components
# Date: 12/7/2023
# Exploit Author: tmrswrr
# Vendor Homepage: https://wintercms.com/
# Software Link: https://github.com/wintercms/winter
# Version: 1.2.3
# Tested on: debian 9

PoC

1. Access the WinterCMS backend at http://localhost/backend/cms.
2. Navigate to the Plugin Components section.
3. In the Markup Code input field, insert the following payload:
"<sVg/onLy=1 onLoaD=confirm(1)//".
4. Save the input and click on the "Preview" button.
5. The injected script executes, demonstrating the XSS vulnerability.
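
For defenders auditing stored component markup, this added example (not part of the original advisory and not WinterCMS code) flags inline on* attributes the way a browser tokenizes them: case-insensitively, with "/" as an attribute separator, and without requiring a closing ">". The function names and the second and third sample strings are assumptions constructed for illustration.

```python
import re

# '<' followed by a letter opens a tag; the name ends at whitespace, '/' or '>'.
_TAG_OPEN = re.compile(r"<([A-Za-z][^\s/>]*)")
# Attributes are separated by whitespace or '/'; the value may be quoted or bare.
_ATTR = re.compile(
    r"""[\s/]+([^\s/>="']+)(?:\s*=\s*("[^"]*"|'[^']*'|[^\s>]*))?"""
)

def naive_filter(markup):
    """Case-sensitive blocklist of the kind the payload in step 3 slips past."""
    return bool(re.search(r"<script|onload=|onerror=", markup))

def find_event_handlers(markup):
    """Return (tag, attribute, value) for each inline on* attribute."""
    findings = []
    for tag_match in _TAG_OPEN.finditer(markup):
        tag = tag_match.group(1).lower()
        pos = tag_match.end()
        # Keep reading attributes until '>' or end of input: an unclosed
        # tag is still tokenized, so the scan must not require '>'.
        while (attr := _ATTR.match(markup, pos)):
            name = attr.group(1).lower()
            value = (attr.group(2) or "").strip("\"'")
            # Conservative rule: report every attribute starting with "on".
            if len(name) > 2 and name.startswith("on"):
                findings.append((tag, name, value))
            pos = attr.end()
    return findings

# Constructed samples; the first is the payload string from step 3.
SAMPLES = [
    "<sVg/onLy=1 onLoaD=confirm(1)//",
    '<p class="only">on sale</p>',
    "<img src='a.png' ONERROR = \"x()\">",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(naive_filter(sample), find_event_handlers(sample))
```

The conservative rule also reports `onLy`, which is not a real event handler; compare findings against the actual handler list if that noise matters.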


Source: https://packetstormsecurity.com/files/176104/wintercms123-xss.txt