[CVE-2022–42097]Backdrop-XSS-at-Comments

GrimTheRipper
Oct 31, 2022

Enter your username and password; the account must have admin privileges.

Select some post at the main website.

Enter information into the form provided and enter the XSS payload in the comment field. Choose “Raw HTML” Editor and Save.

The XSS payload will run immediately.

POC:

--

--

GrimTheRipper

You get the best out of others when you give the best of yourself