Describe the bug
An user with page creation/edition can create an XSS payload in description field to trigger XSS when view all page from admin panel To Reproduce
Steps to reproduce the behavior:
Click on 'Create New Page'
Go to 'Meta Tags' tab
In the 'description' section, insert arbitrary XSS payload
Go to 'See all page'
See error
Expected behavior
The XSS payload will be triggered for anyone who view this page description (esspecially admin account).
Screenshots
Desktop (please complete the following information):
Describe the bug
An user with page creation/edition can create an XSS payload in
descriptionfield to trigger XSS when view all page from admin panelTo Reproduce
Steps to reproduce the behavior:
Expected behavior
The XSS payload will be triggered for anyone who view this page description (esspecially admin account).
Screenshots

Desktop (please complete the following information):
video PoC
https://youtu.be/XkjPdJvnMQ0
Additional context
This bug can be exploited by anyone has edit/create page privileges
The text was updated successfully, but these errors were encountered: