Cross-site Scripting (XSS) - Generic in netlify/netlify-cms
Dec 21st 2020
netlify-cms-widget-markdown is vulnerable to Cross-Site Scripting (XSS).
Steps To Reproduce
- Use the application or use the demo https://cms-demo.netlify.com/#/collections/posts/new
- Switch to markdown mode in the editor.
- Insert the XSS payload into the editor body:
<img src=x onerror=alert(1)>
- The XSS payload is executed when the body is rendered.
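As an added defensive example (not code from netlify-cms or the reporter): a save-time check that flags and strips script-capable attributes from inline HTML inside a markdown body. It generalizes beyond the report by covering all on* event-handler attributes, not only onerror, and javascript: URLs in href/src-style attributes; it assumes the editor body is available as a plain string before it is rendered.

```javascript
// Added example, not netlify-cms code. Assumption: the markdown body is a plain
// string that the application can inspect before rendering it as HTML.

// Matches an opening or self-closing inline HTML tag and captures its attribute text.
const TAG_RE = /<([a-zA-Z][\w-]*)((?:\s+[^\s"'=<>\/]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'=<>]+))?)*)\s*(\/?)>/g;
// Matches one attribute (name and optional quoted/unquoted value) within that text.
const ATTR_RE = /([^\s"'=<>\/]+)(?:\s*=\s*("[^"]*"|'[^']*'|[^\s"'=<>]+))?/g;
const URL_ATTRS = ['href', 'src', 'action', 'formaction', 'xlink:href'];

// True for attributes that can run script: any on* event handler, or a URL
// attribute whose value (quotes, whitespace and control chars removed) is javascript:.
function isDangerousAttribute(name, rawValue) {
  const lower = name.toLowerCase();
  if (lower.startsWith('on')) return true;
  if (rawValue === undefined) return false;
  const value = rawValue
    .replace(/^["']|["']$/g, '')
    .replace(/[\s\u0000-\u001f]/g, '')
    .toLowerCase();
  return URL_ATTRS.includes(lower) && value.startsWith('javascript:');
}

// Lists script-capable attributes found in inline HTML as "tag.attr", for
// logging or for rejecting the save.
function findDangerousAttributes(body) {
  const findings = [];
  for (const tag of body.matchAll(TAG_RE)) {
    for (const attr of tag[2].matchAll(ATTR_RE)) {
      if (isDangerousAttribute(attr[1], attr[2])) {
        findings.push(`${tag[1]}.${attr[1].toLowerCase()}`);
      }
    }
  }
  return findings;
}

// Rewrites inline HTML tags with the dangerous attributes removed; markdown
// text outside of tags is left untouched.
function stripDangerousAttributes(body) {
  return body.replace(TAG_RE, (whole, name, attrs, selfClose) => {
    const kept = [];
    for (const attr of attrs.matchAll(ATTR_RE)) {
      if (!isDangerousAttribute(attr[1], attr[2])) kept.push(attr[0]);
    }
    const attrText = kept.length ? ' ' + kept.join(' ') : '';
    return `<${name}${attrText}${selfClose ? ' /' : ''}>`;
  });
}
```

A regex pass over the stored body is a filter on input, not a replacement for sanitizing the rendered HTML with a proper HTML sanitizer before it reaches the DOM; the two belong together.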