| Titel | matthewdeaves Willow CMS v1.4.0 Stored Cross Site Scripting |
|---|
| Beschreibung | Stored (persistent) XSS in Willow CMS v1.4.0. Users with administrative privileges can submit a blog in the New Blog form. The input is stored and later rendered on the homepage without proper sanitization/escaping (title and body fields), causing script execution in the browsers of any visitor who loads the page.
PoC: https://www.youtube.com/watch?v=jhFCYpFu9qI |
|---|
| Quelle | ⚠️ https://github.com/matthewdeaves/willow/issues/131 |
|---|
| Benutzer | RiccK (UID 91602) |
|---|
| Einreichung | 14.10.2025 01:52 (vor 8 Monaten) |
|---|
| Moderieren | 27.10.2025 13:13 (14 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 330115 [Willow CMS bis 1.4.0 Add Post Page /admin/articles/add title/body Cross Site Scripting] |
|---|
| Punkte | 18 |
|---|