Share
## https://sploitus.com/exploit?id=PACKETSTORM:177641
# Exploit Title: Backdrop CMS 1.23.0 - Stored Cross-Site Scripting - Post Body Field  
# Date: 2023-08-21  
# Exploit Author: Sinem Şahin  
# Vendor Homepage: https://backdropcms.org/  
# Version: 1.23.0  
# Tested on: Windows & XAMPP  
  
==> Tutorial <==  
  
1- Go to the following url. => http://(HOST)/backdrop/node/add/post  
2- Write your xss payload in the body of the post. Formatting options should be RAW HTML to choose from.  
3- Press "Save" button.  
  
XSS Payload ==> "<script>alert("post_body")</script>