Advertisement






Backdrop CMS 1.23.0 Cross Site Scripting

CVE Category Price Severity
CVE-2018-17442 CWE-79 $300 Critical
Author Risk Exploitation Type Date
Unknown High Remote 2024-03-20
CPE
cpe:/a:backdrop_cms_project:backdrop:1.23.0
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L 0.03526 0.62359

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2024030047

Below is a copy:

Backdrop CMS 1.23.0 Cross Site Scripting
# Exploit Title: Backdrop CMS 1.23.0 - Stored Cross-Site Scripting - Post Body Field
# Date: 2023-08-21
# Exploit Author: Sinem ahin
# Vendor Homepage: https://backdropcms.org/
# Version: 1.23.0
# Tested on: Windows & XAMPP

==> Tutorial <==

1- Go to the following url. => http://(HOST)/backdrop/node/add/post
2- Write your xss payload in the body of the post. Formatting options should be RAW HTML to choose from.
3- Press "Save" button.

XSS Payload ==> "<script>alert("post_body")</script>


Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.