CVE-2023-37122: BageCms3.1.0 has storage XSS vulnerability · Issue #6 · bagesoft/bagecms
A stored cross-site scripting (XSS) vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module.
BageCms3.1.0 has storage XSS vulnerability
A bug was found. A stored XSS vulnerability exists.
Tested only in a test environment; do not carry out any illegal operations. The bug has now been reported to the manufacturer.
XSS-1:
Insert the PoC in the Custom Settings module in the background
PoC: <img src=a onerror=alert(1)>
A pop-up window occurs when you visit the home page
XSS-2:
Insert the PoC into the link management module in the background
PoC: <img src=a onerror=alert("xss")>
A pop-up window occurs when you visit the home page
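
The fix pattern for both findings, as an added example that is not part of the original issue and is not BageCMS code: values saved through the back end are encoded when they are written into the home page. The helper names `e()` and `safeUrl()`, the row layout and the sample link URL are assumptions; the two stored strings are the PoC values from the report, and the issue does not show the actual render path.

```php
<?php
// Added example: function names and sample rows are hypothetical, not BageCMS code.

/** Encode a stored value for use as HTML text or inside a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Allow only http(s) link targets; anything else is replaced with "#". */
function safeUrl(string $url): string
{
    // parse_url() returns null/false when no scheme is present; the cast maps both to ''.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? e($url) : '#';
}

// Constructed rows holding the strings from the report, as stored by the back end.
$setting = ['value' => '<img src=a onerror=alert(1)>'];
$link    = [
    'name' => '<img src=a onerror=alert("xss")>',
    'url'  => 'https://example.com/?a=1&b=2', // constructed sample URL
];

// Before: the stored value is concatenated into the page as-is,
// so the browser parses it as markup on every home page visit.
$vulnerable = '<div class="notice">' . $setting['value'] . '</div>';

// After: the same values are encoded at output time and render as inert text.
$hardened  = '<div class="notice">' . e($setting['value']) . '</div>';
$hardened .= '<a href="' . safeUrl($link['url']) . '">' . e($link['name']) . '</a>';

echo $vulnerable, PHP_EOL, $hardened, PHP_EOL;
```

Encoding at output rather than only filtering at save time also covers rows that were stored before the fix.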