[CVE-2023–24230]Formwork 1.12.1 — Stored XSS Vulnerability at Page Title
Welcome to my personal account! I am excited to share my first article with you all. Recently, I have been credited with several Common Vulnerabilities and Exposures (CVEs) in the name of my team at the company where I work. I am now motivated to earn more CVEs under my own name as a way to contribute to the field of cybersecurity. With 2 years of experience in this field, I hope to use my knowledge to make the world a more secure place. I hope that this article will provide inspiration for those who are interested in cybersecurity.
I will be demonstrating the use of a Cross-Site Scripting (XSS) payload for a Proof of Concept (POC) in this article.
Cross-Site Scripting (XSS) payload
test_xss<image src/onerror=alert("test_xss")>Proof of concept
1. We navigate to the panel page and log in using an administrator account.
2. We Click on the ‘New page’ button.
3. We use Cross-Site Scripting (XSS) payload as Page Title and Click on the Continue Button.
4. We check the ‘Published’ box to publish the page and Click on save button.
5. Click on the ‘View Site’ navigation to navigate to the home page.
6. The payload will be executed.
7. We click on the “test_xss” page.
8. And then The payload will be executed.
