[CVE-2022–42097]Backdrop-XSS-at-Comments

Enter your username and password; the account must have admin privileges.

Select some post at the main website.

Enter information into the form provided and enter the XSS payload in the comment field. Choose “Raw HTML” Editor and Save.

The XSS payload will run immediately.

POC:

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
GrimTheRipper

You get the best out of others when you give the best of yourself