Stored XSS in Widgets and pages in instantsoft/icms2
Aug 25th 2023
Description
I noticed that you filtered the comment very carefully.
But there are still some parts you missed.
Proof of Concept
1. Log in as admin.
2. Go to "https://demo.instantcms.io/admin/widgets".
3. Insert the payload in Position name and Title:
   test" onmouseover = "alert(document.cookie)
4. Click Save and observe the stored XSS.
This vulnerability could allow an attacker to steal multiple users' cookies, gain unauthorized access to those users' accounts through the stolen cookies, or redirect users to other malicious websites...
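The following is an added example, not code from the report or from InstantCMS. It assumes the Position name and Title values are echoed into a double-quoted HTML attribute, which the shape of the payload suggests, and shows the unescaped rendering beside an attribute-encoded one, with a parse-based check that can serve as a regression test. The function and field names are hypothetical.

```php
<?php
// Added example, not InstantCMS code. Function and field names are hypothetical.

// Constructed input: the value entered in step 3 of the report.
$title = 'test" onmouseover = "alert(document.cookie)';

// Before: the stored value is concatenated into a double-quoted attribute as-is,
// so the first '"' in the value closes the attribute early.
function render_field_unsafe(string $name, string $value): string {
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// After: encode for HTML attribute context. ENT_QUOTES covers both quote styles.
function attr(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_field_safe(string $name, string $value): string {
    return '<input type="text" name="' . attr($name) . '" value="' . attr($value) . '">';
}

// Regression check: parse the markup the way a browser would and list the
// attribute names that actually end up on the <input> element.
function input_attributes(string $html): array {
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $input = $doc->getElementsByTagName('input')->item(0);
    $names = [];
    foreach ($input->attributes as $a) {
        $names[] = $a->nodeName;
    }
    return $names;
}

$rendered = [
    'unsafe' => render_field_unsafe('title', $title),
    'safe'   => render_field_safe('title', $title),
];
foreach ($rendered as $label => $html) {
    $attrs = input_attributes($html);
    // Any attribute starting with "on" is an event handler the form never defined.
    $handlers = array_filter($attrs, fn($n) => strncmp($n, 'on', 2) === 0);
    echo "$label: $html\n";
    echo "  attributes: " . implode(', ', $attrs) . "\n";
    echo "  event handlers injected: " . ($handlers ? implode(', ', $handlers) : 'none') . "\n";
}
```

Checking the parsed attribute set rather than searching the output for a substring catches any input that escapes the attribute, not just this particular payload.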