forkcms is vulnerable to XSS through Online movies id edition.
Online movies (Youtube, Vimeo, ...) and click on Source, write anything in the Movie title fields and click on Back to overview.
Movies tab and click on Edit over the movie added before.
Movie ID field, write <img src onerror=alert()> and click on Save. An alert will pop up.
The PoC steps do not work anymore. The characters > are being sanitized.
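
The report shows the Movie ID field accepting markup, and the follow-up notes that the characters are now sanitized. As an added example (not Fork CMS code and not from the report), one way to handle such a field in PHP is allow-list validation on save combined with HTML encoding on output. The function names and the per-source ID patterns are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not Fork CMS code. Names and ID patterns below are assumptions.

// Allow-list of ID shapes per source (assumed: YouTube IDs use URL-safe
// base64 characters, Vimeo IDs are numeric).
const MOVIE_ID_PATTERNS = [
    'youtube' => '/\A[A-Za-z0-9_-]{6,20}\z/',
    'vimeo'   => '/\A[0-9]{1,20}\z/',
];

/** Validate on save: reject anything that is not a plausible ID for the source. */
function validateMovieId(string $source, string $movieId): string
{
    if (!isset(MOVIE_ID_PATTERNS[$source])) {
        throw new InvalidArgumentException('Unknown movie source');
    }
    if (preg_match(MOVIE_ID_PATTERNS[$source], $movieId) !== 1) {
        throw new InvalidArgumentException('Invalid movie ID');
    }
    return $movieId;
}

/** Escape on output: encode for the HTML context even if the value was validated. */
function renderMovieRow(string $title, string $movieId): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    return sprintf(
        '<tr><td>%s</td><td>%s</td></tr>',
        htmlspecialchars($title, $flags, 'UTF-8'),
        htmlspecialchars($movieId, $flags, 'UTF-8')
    );
}

// Constructed inputs: one well-formed ID and the payload quoted in the report.
foreach (['abc123XYZ_-', '<img src onerror=alert()>'] as $input) {
    try {
        validateMovieId('youtube', $input);
        echo "accepted: $input\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . htmlspecialchars($input, ENT_QUOTES, 'UTF-8') . "\n";
    }
}

// A row stored before validation existed is still rendered inert.
echo renderMovieRow('Demo', '<img src onerror=alert()>'), "\n";
```

Validation alone does not cover values already in the database, which is why the output path encodes as well.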