insert xss payload "><svg onload=alert(222)> in the parameter f_file_description
click save
You will observe that the payload successfully got stored into the database and when you are triggering the same functionality at that time JavaScript payload gets executed successfully and we'll get a pop-up.
The text was updated successfully, but these errors were encountered:
Stored-Cross-Site-Scripting (XSS) -2
a stored cross-site scripting (XSS) in maxsite cms targeted towards web admin through ~/admin/files at via the parameter f_file_description .
Navigate to admin page, go to http://localhost/admin/files,then update a xss.gif file

insert xss payload

"><svg onload=alert(222)>in the parameter f_file_descriptionclick save

You will observe that the payload successfully got stored into the database and when you are triggering the same functionality at that time JavaScript payload gets executed successfully and we'll get a pop-up.
The text was updated successfully, but these errors were encountered: