Headline
CVE-2021-42245: Create Page XSS · Issue #69 · flatCore/flatCore-CMS
FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections.
Describe the bug
Meta etiketlere ve içeriğe yazılan xss yükünü filtrelememek
https://owasp.org/www-community/attacks/xss/
To Reproduce
Steps to reproduce the behavior:
1-) press create new page from home page
2-) Enter the meta tags and content e xss payload
3-) go to admin panel and press go to home page button and xss pop-up
Expected behavior
A clear and concise description of what you expected to happen.
Screenshots
If applicable, add screenshots to help explain your problem.
Additional context
POC : https://www.youtube.com/watch?v=wmQf0B3Sa6c