CVE-2021-38603
A stored cross site scripting vulnerability is present on the Profile edit page in the Information: field for each user.
http://<hostname/server ip>/core/admin/profil.php
Vulnerable Fields:
- Information:
Once inserted, XSS can be triggered by visiting any page/article created by that particular user.

