Software link: BoidCMS 2.1.0 [https://boidcms.github.io/#/] -> Download
@author: Antonio Díaz.
Description: A cross-site scripting (XSS) vulnerability in the Create section of the Admin Page of BoidCMS 2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the 'Content' parameter.
CVE: CVE-2024-32343.
- Go to the Create section of the Admin Page, set the payload in the 'Content' parameter and click the Create button.
- Open the Dashboard page and click the link to the new page you have created.