[CVE-2022-42097] Backdrop-XSS-at-Comments

GrimTheRipper
Oct 31, 2022


Log in with your username and password; the account must have admin privileges.

Select a post on the main website.

Fill in the comment form and put the XSS payload in the comment field. Choose the “Raw HTML” editor and save.

The XSS payload runs immediately.
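From the defender's side, comment bodies saved through a “Raw HTML” editor can be audited for markup that executes when rendered. The Python script below is an added example, not part of the original post or of Backdrop's code; the comment IDs and bodies are constructed samples, and how comments are exported from the site's database is left as an assumption.

```python
import re
from html.parser import HTMLParser
# Elements that run or embed active content when markup is rendered unfiltered.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "svg", "math", "style", "base", "meta", "link", "form"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}
SAFE_SCHEMES = {"", "http", "https", "mailto"}  # "" means a relative URL

def url_scheme(value):
    """Return the lowercased scheme, ignoring whitespace and control characters as browsers do."""
    cleaned = "".join(ch for ch in value if ch > " ").lower()
    head = re.split(r"[/?#]", cleaned, maxsplit=1)[0]
    return head.split(":", 1)[0] if ":" in head else ""

class ActiveContentFinder(HTMLParser):
    """Collects findings; HTMLParser lowercases names and decodes entities in attribute values."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"element <{tag}>")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS and value and url_scheme(value) not in SAFE_SCHEMES:
                self.findings.append(f"{url_scheme(value)}: URL in {name} on <{tag}>")

def audit_comments(comments):
    """Map comment id -> findings for every comment body containing active markup."""
    report = {}
    for comment_id, body in comments:
        finder = ActiveContentFinder()
        finder.feed(body)
        finder.close()
        if finder.findings:
            report[comment_id] = finder.findings
    return report

# Constructed sample data: (comment id, stored body).
SAMPLE_COMMENTS = [
    (101, "<p>Thanks, see <a href='https://example.org/'>this</a>.</p>"),
    (102, "<p>hello</p><script>/* constructed sample */</script>"),
    (103, '<img src="avatar.png" OnError="/* constructed sample */">'),
    (104, '<a href="jav&#x61;script:void(0)">profile</a>'),
]
if __name__ == "__main__":
    for cid, findings in audit_comments(SAMPLE_COMMENTS).items():
        print(cid, findings)
```

A finding marks a comment for review; it does not replace filtering the markup when the comment is rendered.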

POC:
