|===========================================================================
| # Exploit Title : Plone CMS 5.2.3 | Cross Site Scripting (XSS)
|
| # Author : Ali Seddigh
|
| # Category : Web Application
|
| # Software Link : https://plone.com/
|
| # Tested on : [ Windows ~> 10]
|
| # Version: 5.2.3
|
| # Date : 2021-04-11
|===========================================================================
| # Steps to reproduce the issue:
|
| # 1 - Go to the URL https://localhost/ where Plone version 5.2.3 is installed.
| # 2 - Click on "Log in now" and log in as "Manager"
| # 3 - Navigate to Manager => Site Setup => Site
| # 4 - Set the "Site title" field to: xyz<ScRiPt>alert("XSS")</ScRiPt>
|===========================================================================
| # Discovered By : Ali Triplex
|===========================================================================
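
Defender's view of the value from step 4, as an added example that is not part of the original advisory and is not Plone's code: a case-sensitive blocklist does not match the mixed-case tag, while a real HTML parser detects it and output encoding renders it inert. All function names are hypothetical, and the blocklist is an assumed weak control, not something the advisory attributes to Plone.

```python
import html
from html.parser import HTMLParser

# Constructed sample inputs. The first is the "Site title" value from step 4.
ADVISORY_TITLE = 'xyz<ScRiPt>alert("XSS")</ScRiPt>'
BENIGN_TITLE = "Research & Development Intranet"


def naive_filter_blocks(title: str) -> bool:
    """Assumed weak control: case-sensitive substring blocklist."""
    return "<script>" in title


class _TagFinder(HTMLParser):
    """Collects every start tag the way an HTML parser sees it."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.tags: list[str] = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag names, so <ScRiPt> arrives as "script".
        self.tags.append(tag)


def find_markup(title: str) -> list[str]:
    """Input check: list any HTML tags in a field meant to hold plain text."""
    finder = _TagFinder()
    finder.feed(title)
    finder.close()
    return finder.tags


def render_title(title: str) -> str:
    """Output encoding for HTML text and quoted-attribute contexts."""
    return html.escape(title, quote=True)


if __name__ == "__main__":
    for value in (ADVISORY_TITLE, BENIGN_TITLE):
        print("stored value   :", value)
        print("naive blocklist:", naive_filter_blocks(value))
        print("tags detected  :", find_markup(value))
        print("rendered as    :", render_title(value))
        print()
```

The input check is useful for alerting on suspicious settings changes; the encoding at render time is what neutralises the value wherever the title is emitted.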