I discovered a storage XSS vulnerability while auditing the code
Vulnerability points appear in the /install/index.php file
POST passed in ['config']['admin_username'] parameter was not XSS filtered resulting in storage XSS vulnerability
EXP is as follows:
The result of EXP is as follows:
The text was updated successfully, but these errors were encountered:
I discovered a storage XSS vulnerability while auditing the code




Vulnerability points appear in the /install/index.php file
POST passed in ['config']['admin_username'] parameter was not XSS filtered resulting in storage XSS vulnerability
EXP is as follows:
The result of EXP is as follows:
The text was updated successfully, but these errors were encountered: