[CVE-2022-42096] Backdrop XSS at Posts

Enter your username and password; the account must have admin privileges.

Select Content > Add content > Post.

Fill in the form and enter the XSS payload in the Body field. Choose the “Raw HTML” editor and save.

The XSS payload will run immediately.
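
A defender-side check for the condition these steps produce, as an added example that is not from the original write-up or from Backdrop's code: it parses stored post bodies and flags markup that would execute if a body is rendered as raw HTML. The function names and sample bodies are constructed for illustration, and how the bodies are exported from the site is an assumption left to the reader.

```python
from html.parser import HTMLParser

# Elements that execute or embed active content when rendered unfiltered.
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
# Attributes whose value is a URL and can therefore carry a script scheme.
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


class ActiveMarkupFinder(HTMLParser):
    """Collects (kind, detail) findings for script-capable markup in one body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names and decodes entities.
        if tag in ACTIVE_TAGS:
            self.findings.append(("active-tag", tag))
        for name, value in attrs:
            # Drop whitespace and control characters before matching the scheme.
            compact = "".join(c for c in (value or "") if c > " ").lower()
            if name.startswith("on"):
                self.findings.append(("event-handler", f"{tag}[{name}]"))
            elif name in URL_ATTRS and compact.startswith(SCRIPT_SCHEMES):
                self.findings.append(("script-url", f"{tag}[{name}]"))


def audit_body(body):
    """Return the findings for a single post body (empty list if clean)."""
    finder = ActiveMarkupFinder()
    finder.feed(body)
    finder.close()
    return finder.findings


def audit_posts(posts):
    """posts: mapping of post id -> body HTML. Returns only the flagged posts."""
    flagged = {}
    for pid, body in posts.items():
        hits = audit_body(body)
        if hits:
            flagged[pid] = hits
    return flagged


# Constructed sample bodies (hypothetical, not taken from the advisory).
SAMPLE_POSTS = {
    1: "<p>Release notes for <strong>1.2</strong></p>",
    2: "<p>hello</p><script>console.log('constructed sample')</script>",
    3: '<img src="logo.png" onerror="handler()">',
    4: '<a href=" JavaScript:void(0)">link</a>',
}
```

Run `audit_posts` over exported bodies to find posts that need review; a hit means the body contains active markup, not that it is malicious.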

POC:

GrimTheRipper
