| 제목 | matthewdeaves Willow CMS v1.4.0 Stored Cross Site Scripting |
|---|
| 설명 | Stored (persistent) XSS in Willow CMS v1.4.0. Users with administrative privileges can submit a blog in the New Blog form. The input is stored and later rendered on the homepage without proper sanitization/escaping (title and body fields), causing script execution in the browsers of any visitor who loads the page.
PoC: https://www.youtube.com/watch?v=jhFCYpFu9qI |
|---|
| 원천 | ⚠️ https://github.com/matthewdeaves/willow/issues/131 |
|---|
| 사용자 | RiccK (UID 91602) |
|---|
| 제출 | 2025. 10. 14. AM 01:52 (8 개월 ago) |
|---|
| 모더레이션 | 2025. 10. 27. PM 01:13 (14 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 330115 [Willow CMS 까지 1.4.0 Add Post Page /admin/articles/add title/body 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 18 |
|---|