Plone CMS 5.2.3 | Cross Site Scripting (XSS)

2021.04.16
Risk: Low
Local: Yes
Remote: Yes
CVE: N/A
CWE: N/A

|===========================================================================
| # Exploit Title : Plone CMS 5.2.3 | Cross Site Scripting (XSS)
|
| # Author : Ali Seddigh
|
| # Category : Web Application
|
| # Software Link : https://plone.com/
|
| # Tested on : [ Windows ~> 10]
|
| # Version: 5.2.3
|
| # Date : 2021-04-11
|===========================================================================
| # Steps to reproduce the issue:
|
| # 1 - Go to URL https://localhost/ where Plone 5.2.3 version is installed.
| # 2 - Click on "Log in now" and Login as "Manager"
| # 3 - Navigate to Manager=> Site Setup => Site
| # 4 - Edit "Site title" field to "xyz<ScRiPt>alert("XSS")</ScRiPt>"
|===========================================================================
| # Discovered By : Ali Triplex
|===========================================================================
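
The value in step 4 uses mixed-case tags, so a filter that removes only the literal lowercase script tags leaves it untouched. The following is an added example, not part of the advisory and not Plone's code: it contrasts such a filter with a save-time markup check and output encoding via Python's html.escape. The function names, the validation rule and the sample inventory are assumptions made for illustration.

```python
import html
import re

# Constructed sample: the value step 4 of the advisory puts in "Site title".
ADVISORY_TITLE = 'xyz<ScRiPt>alert("XSS")</ScRiPt>'

# Hypothetical save-time rule: a site title is plain text, so any angle
# bracket is treated as markup regardless of tag name or letter case.
_MARKUP = re.compile(r"[<>]")


def naive_strip(value: str) -> str:
    """Weak filter shown for contrast: removes only exact lowercase tags."""
    return value.replace("<script>", "").replace("</script>", "")


def title_has_markup(value: str) -> bool:
    """Return True if the title should be rejected or flagged for review."""
    return bool(_MARKUP.search(value))


def render_title(value: str) -> str:
    """Encode the stored title for an HTML text or quoted-attribute context."""
    return html.escape(value, quote=True)


def audit_titles(titles: dict) -> list:
    """Return the keys of stored titles that contain markup (for cleanup)."""
    return sorted(k for k, v in titles.items() if title_has_markup(v))


if __name__ == "__main__":
    print("naive filter :", naive_strip(ADVISORY_TITLE))
    print("flagged      :", title_has_markup(ADVISORY_TITLE))
    print("encoded      :", render_title(ADVISORY_TITLE))
    # Constructed inventory of site titles, keyed by site id.
    print(audit_titles({"intranet": "Team Intranet", "demo": ADVISORY_TITLE}))
```

Encoding at output is the control that holds even when a value like this is already stored; the save-time check only keeps new ones out.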


Copyright 2021, cxsecurity.com