XSS in BoidCMS 2.1.0 (/admin -> Create)

Software link: BoidCMS 2.1.0 [https://boidcms.github.io/#/] -> Download

@author: Antonio Díaz.

Description: Cross-site scripting (XSS) vulnerability in the Create section of the Admin Page of BoidCMS 2.1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Content' parameter.

CVE: CVE-2024-32343.

PoC

Admin Page -> Create (CVE-2024-32343)

Enter to Create section of Admin Page, set the payload in 'Content' parameter and click on the Create button:

Show Dashboard page and click on the link to the new page you have created:

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

Repository files navigation

XSS in BoidCMS 2.1.0 (/admin -> Create)

PoC

Admin Page -> Create (CVE-2024-32343)

About

Releases

Packages

adiapera/xss_create2_boidcms_2.1.0

Folders and files

Latest commit

History

README.md

README.md

Repository files navigation

XSS in BoidCMS 2.1.0 (/admin -> Create)

PoC

Admin Page -> Create (CVE-2024-32343)

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages