Share
## https://sploitus.com/exploit?id=PACKETSTORM:161562
# Exploit Title: LightCMS 1.3.4 - 'exclusive' Stored XSS  
# Date: 25/02/2021  
# Exploit Author: Peithon  
# Vendor Homepage: https://github.com/eddy8/LightCMS  
# Software Link: https://github.com/eddy8/LightCMS/releases/tag/v1.3.4  
# Version: 1.3.4  
# Tested on: latest version of Chrome, Firefox on Windows and Linux  
# CVE: CVE-2021-3355  
  
An issue was discovered in LightCMS v1.3.4.(https://github.com/eddy8/LightCMS/issues/18) There is a stored-self XSS, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords.  
  
--------------------------Proof of Concept-----------------------  
  
1. Log in to the background.  
  
2. Navigate to System -> `/admin/SensitiveWords/create` & add the below-shared payload as the exclusive field value. Payload - </span><img src=1 onerror=alert(1) /><span>  
  
3. Visit page `/admin/SensitiveWords`, the payload will be triggered.