# Exploit Title: Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS) # Exploit Author: tmrswrr # Vendor Homepage: https://decapcms.org/docs/intro/ # Software Link: https://github.com/decaporg/decap-cms # Version: 2.10.192 # Tested on: https://cms-demo.netlify.com Description: 1. Go to new post and write body field your payload: https://cms-demo.netlify.com/#/collections/posts Payload = 2. After save it XSS payload will executed and see alert box