CVEs-PoC/2021/CVE-2021-29002.md

CVE-2021-29002

Description

A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_title" parameter.

POC

Reference

• https://github.com/plone/Products.CMFPlone/issues/3255
• https://github.com/plone/Products.CMFPlone/issues/3255
• https://www.exploit-db.com/exploits/49668
• https://www.exploit-db.com/exploits/49668

Github

• https://github.com/miguelc49/CVE-2021-29002-1