[CVE-2022-42097] Backdrop-XSS-at-Comments
Oct 31, 2022
Enter your username and password; the account must have admin privileges.
Select a post on the main website.
Fill in the comment form provided and enter the XSS payload in the comment field. Choose the “Raw HTML” editor and save.
The XSS payload will run immediately.
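A defensive counterpart to the steps above, added here and not part of the original write-up or of Backdrop's own code: a Python audit that parses stored comment bodies and flags markup that would execute when the comment is rendered. The function names, the (id, body) row shape and the sample rows are assumptions constructed for illustration; how the comment bodies are exported from the site is not covered.

```python
from html.parser import HTMLParser

# Elements that execute or embed active content when a comment body is rendered.
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
# Attributes whose value is a URL and can therefore carry a script scheme.
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


class ActiveContentFinder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # reasons why this body is not inert markup

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            # Browsers strip whitespace and control characters from a URL
            # before resolving its scheme, so do the same before comparing.
            url = "".join(c for c in (value or "") if c > " ").lower()
            if name.startswith("on"):
                self.findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS and url.startswith(SCRIPT_SCHEMES):
                self.findings.append(f"script URL in {name} on <{tag}>")


def audit_comments(rows):
    """rows: iterable of (comment_id, body). Returns {comment_id: [findings]}."""
    flagged = {}
    for cid, body in rows:
        finder = ActiveContentFinder()
        finder.feed(body)
        if finder.findings:
            flagged[cid] = finder.findings
    return flagged


# Constructed sample rows standing in for an export of stored comment bodies.
SAMPLE_COMMENTS = [
    (101, "<p>Thanks, this <em>helped</em> a lot.</p>"),
    (102, "<p>hi</p><script>alert(1)</script>"),
    (103, '<img src="x.png" onerror="alert(1)">'),
    (104, '<a href="java&#x73;cript:alert(1)">docs</a>'),
    (105, "I wrote &lt;script&gt; in my notes, escaped so it is inert."),
]

if __name__ == "__main__":
    for cid, why in audit_comments(SAMPLE_COMMENTS).items():
        print(cid, "; ".join(why))
```

Comments flagged by such an audit are candidates for review, not proof of compromise; a parser is used instead of a pattern match so that entity-encoded attribute values are decoded before they are checked.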
POC: