Exploit/Advisories
Published on March 20th, 2024 📆 | 8286 Views ⚑
0Backdrop CMS 1.23.0 Cross Site Scripting – Torchsec
- Backdrop CMS 1.23.0 Cross Site Scripting
- Posted Mar 19, 2024
- Authored by Sinem Sahin
-
Backdrop CMS version 1.23.0 suffers from a persistent cross site scripting vulnerability.
- SHA-256 |
4bb3b15e6793b35f154b25b1c1a126cba8e1b8b14114a15a508636cb6bed357f
- Download | Favorite | View
# Exploit Title: Backdrop CMS 1.23.0 - Stored Cross-Site Scripting - Post Body Field
# Date: 2023-08-21
# Exploit Author: Sinem Şahin
# Vendor Homepage: https://backdropcms.org/
# Version: 1.23.0
# Tested on: Windows & XAMPP==> Tutorial <==
1- Go to the following url. => http://(HOST)/backdrop/node/add/post
2- Write your xss payload in the body of the post. Formatting options should be RAW HTML to choose from.
3- Press "Save" button.
XSS Payload ==> "
Gloss