## https://sploitus.com/exploit?id=PACKETSTORM:161866
# Exploit Title: Plone CMS 5.2.3 - 'Title' Stored XSS  
# Date: 18-03-2021  
# Exploit Author: Piyush Patil  
# Vendor Homepage: https://plone.com/  
# Software Link: https://github.com/plone/Products.CMFPlone/tags  
# Version: 5.2.3  
# Tested on: Windows 10  
  
  
# Reference - https://github.com/plone/Products.CMFPlone/issues/3255  
  
Steps to reproduce the issue:  
1- Go to https://localhost/ where Plone version 5.2.3 is installed.  
2- Click on "Log in now" and log in as "Manager"  
3- Navigate to Manager=>Site Setup=>Site  
4- Edit "Site title" field to "xyz<ScRiPt>alert(1)</ScRiPt>"
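
The mixed-case `<ScRiPt>` tag in step 4 is why the fix belongs at output encoding rather than in a tag filter. The following is an added example, not Plone's code or the advisory author's: the `<h1>` template, `render_unsafe`, `render_escaped` and `naive_filter` are hypothetical stand-ins for any page that displays the stored site title.

```python
import html
from html.parser import HTMLParser

# Payload quoted from step 4 of the advisory.
PAYLOAD = "xyz<ScRiPt>alert(1)</ScRiPt>"


def render_unsafe(site_title):
    """Hypothetical template: stored title interpolated verbatim."""
    return f'<h1 id="site-title">{site_title}</h1>'


def render_escaped(site_title):
    """Same template, with the title HTML-escaped at output time."""
    return f'<h1 id="site-title">{html.escape(site_title, quote=True)}</h1>'


def naive_filter(value):
    """Case-sensitive blacklist, shown only to contrast with escaping."""
    return value.replace("<script>", "").replace("</script>", "")


class _TagCollector(HTMLParser):
    """Records each start tag the parser sees; names arrive lowercased."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(markup):
    """Return the element names an HTML parser creates from markup."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    # The blacklist misses the mixed-case tag, so a script element survives.
    print(tags_in(render_unsafe(naive_filter(PAYLOAD))))
    # Escaping leaves only the template's own element; the title is text.
    print(tags_in(render_escaped(PAYLOAD)))
```

HTML tag names are case-insensitive, so the parser reports `script` for the unescaped title regardless of how the tag is capitalized, while the escaped rendering contains only the template's `h1`.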