@0xMJ Although very unlikely, this one is more plausible than your friend @Marblue's issue as it would require the attacker to phish the site administrator. No regular users would be able to access this page.
Unlikely, but plausible, so congratulations. I'll go ahead and do a low priority release for this one.
Hello, I found that this cms may have some security problem

you can edit your html on http://localhost/nc-cms/nc-cms/index.php?action=edit_html&name=home_content
and you can Input any evil js you want
http://localhost/nc-cms/index.php?action=edit_html&name=home_contenta2ktk%3cimg%20src%3da%20onerror%3dalert(1)%3ejil8q
The text was updated successfully, but these errors were encountered: