Cross-site Scripting (XSS) - Generic in netlify/netlify-cms


Reported on

Dec 21st 2020


netlify-cms-widget-markdown is vulnerable to Cross-Site Scripting (XSS).

Steps To Reproduce

  1. Use the application or the demo.
  2. Switch to markdown mode in the editor.
  3. Insert the XSS payload into the editor (body): <img src=x onerror=alert(1)>
  4. The XSS payload is executed.
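The root cause is that raw inline HTML in the markdown body reaches the browser unescaped. The following is an added mitigation example, not netlify-cms code: it escapes raw HTML in the body before rendering (leaving code spans and fenced blocks alone, since a markdown renderer already escapes those) and adds a review-time flag for inline event-handler attributes. The function names and the sample body are constructed for this example; it assumes angle-bracket autolinks are acceptable collateral and escapes them too.

```javascript
// Added example (not netlify-cms code). Neutralise raw HTML in a markdown body
// before it reaches the preview renderer, so inline HTML such as the
// <img src=x onerror=alert(1)> payload above is shown as text rather than
// parsed by the browser. Code spans and fenced blocks are kept verbatim because
// the markdown renderer escapes their contents itself.
// Assumption: <https://...> autolinks are escaped as well; re-enable them via
// an explicit link allowlist if they are needed.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;' };

function escapeHtml(text) {
  return text.replace(/[&<>]/g, (ch) => ESCAPES[ch]);
}

// Matches fenced blocks (``` ... ```) first, then inline code spans (`...`),
// so both are preserved as-is while everything between them is escaped.
const CODE_SEGMENT = /(```[\s\S]*?```|`[^`\n]*`)/g;

function neutralizeRawHtml(markdown) {
  let out = '';
  let last = 0;
  for (const m of markdown.matchAll(CODE_SEGMENT)) {
    out += escapeHtml(markdown.slice(last, m.index)); // prose: escape it
    out += m[0];                                      // code: keep verbatim
    last = m.index + m[0].length;
  }
  return out + escapeHtml(markdown.slice(last));
}

// Review/CI flag: does the raw body contain an inline tag carrying an
// on*= event-handler attribute? A signal for reviewers, not a sanitizer.
const EVENT_HANDLER_TAG = /<\s*[a-z][^>]*\son[a-z]+\s*=/i;

function hasInlineEventHandler(markdown) {
  return EVENT_HANDLER_TAG.test(markdown);
}

// Constructed sample body containing the report's payload plus a code span.
const sampleBody =
  'Hello **world**\n\n<img src=x onerror=alert(1)>\n\nUse `<b>` for bold in HTML.';

console.log(neutralizeRawHtml(sampleBody));
```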
