CVE-2022-42095: [Declined]Backdrop-XSS-at-Pages - GrimTheRipper - Medium
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.
Enter your username and password; the account must have admin privileges.
Select Content > Add content > Page.
Enter information into the form provided and enter the XSS payload in the Body field. Choose the “Raw HTML” editor and save.
The XSS payload will run immediately.
POC:
Related news
GHSA-58rj-w2qf-qjg7: Cross-site Scripting in Backdrop CMS