the xss is on the page 'admin/pages/new',add a text new page, fill the <img src=1 onerror=alert(1)> in the 'Navigation Title* (this is displayed on navigation menus)' field
The text was updated successfully, but these errors were encountered:
I was sure all the inputs were sanitising data but appears not. I suppose at this point an attacker would already have access to your admin dashboard so the site would already be compromised.
the xss is on the page 'admin/pages/new',add a text new page, fill the


<img src=1 onerror=alert(1)>in the 'Navigation Title* (this is displayed on navigation menus)' fieldThe text was updated successfully, but these errors were encountered: