Textpattern 4.8.7 is affected by cross-site scripting (XSS) in the Body parameter.

Tanmay Bhattacharjee
Sep 3, 2021

# Exploit Title: Textpattern CMS v4.8.7 “Content>Write>Body” - Stored Cross-Site Scripting
# Exploit Author: Tanmay Bhattacharjee
# Vendor Homepage: https://www.textpattern.co
# Software Link: https://textpattern.com/start
# Version: 4.8.7
# Tested on: Ubuntu

Vulnerable Parameters: Body.

Attack Vector:
This vulnerability allows an attacker to inject an XSS payload into the Body parameter.
When any user visits that URL, the XSS triggers, and the attacker can steal the cookie, depending on the crafted payload.

Steps-To-Reproduce:
1. Log in to the Textpattern CMS admin panel.
2. Now go to Content > Write > Body.
3. Now paste the payload below in the URL field.
“/><script>alert(document.domain)</script>
4. Now click the Publish button and then the View button. Boom Boom Boom
5. The XSS is triggered.

In the above scenario, if you check, I will capture this request as an HTTP POST method.

So it is stored XSS, or persistent XSS.
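
A defender-side regression check for the issue described above, as an added example that is not part of the original write-up and not Textpattern's own code: it renders a stored Body value through a hypothetical template with and without output encoding, then parses the result and reports any markup the template itself did not define. The template, the function names and the ASCII-quote form of the payload are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample: the payload from step 3, typed with an ASCII double quote.
PAYLOAD = '"/><script>alert(document.domain)</script>'


def render_unsafe(body: str) -> str:
    """Hypothetical template that echoes the stored value without encoding."""
    return f'<input name="Body" value="{body}"><div class="body">{body}</div>'


def render_encoded(body: str) -> str:
    """Same template; the value is HTML-encoded on output, quotes included."""
    safe = escape(body, quote=True)
    return f'<input name="Body" value="{safe}"><div class="body">{safe}</div>'


class TagAudit(HTMLParser):
    """Records every element and event-handler attribute the parser sees."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [name for name, _ in attrs if name.startswith("on")]


def injected_markup(html: str, allowed=("input", "div")) -> list:
    """Return tags or handlers in the output that the template did not define."""
    audit = TagAudit()
    audit.feed(html)
    audit.close()
    return [t for t in audit.tags if t not in allowed] + audit.handlers


if __name__ == "__main__":
    print("unsafe :", injected_markup(render_unsafe(PAYLOAD)))
    print("encoded:", injected_markup(render_encoded(PAYLOAD)))
```

Run against the unencoded template, the check reports a script element in both the attribute and the element context; with encoding on output, the stored value stays inert text in both places.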

No bruteforcing, happy with manual testing.

Have a nice day.

Thanks,

Tanmay
