[CVE-2022–42094]Backdrop-XSS-at-Cards

GrimTheRipper
Oct 31, 2022

--

Enter your username and password; the account must have admin privileges.

Select Content > add content > Card

Enter information into the form provided and enter the XSS payload in the Body field. Choose “Raw HTML” Editor and Save.

The XSS payload will run immediately.

POC:

--

--

GrimTheRipper
GrimTheRipper

Written by GrimTheRipper

You get the best out of others when you give the best of yourself