Desktop (please complete the following information):
OS: all
Browser : all
Version : all
Additional context
The XSS attack will help the hacker get the login session of other users requiring them to have at least one "Create new Pages" permission.
The text was updated successfully, but these errors were encountered:
Describe the bug
Cross Site Scripting (XSS) via save Exclude URLs
To Reproduce
Steps to reproduce the behavior:
- Login to flatcore CMS
- Click on 'Create new Page' after click 'Index'
- Insert into a XSS payload in Exclude URLs
- And XSS save on : http://domain/acp/acp.php?tn=pages&sub=index

<script>alert(1)</script>Screenshots
XSS payload
Desktop (please complete the following information):
Additional context
The XSS attack will help the hacker get the login session of other users requiring them to have at least one "Create new Pages" permission.
The text was updated successfully, but these errors were encountered: