concrete5: Stored XSS in Contact Form

2015-03-08T10:28:48
ID H1:50564
Type hackerone
Reporter ishahriyar
Modified 2015-07-08T18:33:15

Description

In the Contact form there is an option to display a Message when completed. There I have put the payload: "><img src=x onerror=alert(1)>

and the payload executed and was saved permanently.
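
The following is an added example, not code from the report or from concrete5. It shows the class of fix for a stored completion message: encode the value when it is written into the page, then parse the result to confirm nothing was injected. The function names and the template (the message placed in a title attribute and in the element body) are assumptions, since the report does not say where the message is rendered.

```php
<?php
// Added illustration with hypothetical names; not concrete5 source code.

// Constructed sample: the completion message as stored by the form editor,
// using the payload quoted in the report.
$storedMessage = '"><img src=x onerror=alert(1)>';

// Before: the stored value is concatenated into the page as-is. The leading
// "> closes the attribute and tag it lands in, so <img> is parsed as markup.
function renderThankYouUnsafe(string $message): string
{
    return '<div class="form-thanks" title="' . $message . '">' . $message . '</div>';
}

// After: encode at output time. ENT_QUOTES encodes both quote styles, so the
// value stays inside title="" as well as inside the element body.
function renderThankYouSafe(string $message): string
{
    $escaped = htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="form-thanks" title="' . $escaped . '">' . $escaped . '</div>';
}

// Regression check: parse the fragment and count every element other than
// the single wrapper <div>. Any extra element came from the stored value.
function countInjectedElements(string $fragment): int
{
    $previous = libxml_use_internal_errors(true); // tolerate malformed markup
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $fragment . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $xpath = new DOMXPath($doc);
    return $xpath->query('//body//*')->length - 1; // minus the wrapper
}

foreach (['renderThankYouUnsafe', 'renderThankYouSafe'] as $render) {
    printf(
        "%s: %d injected element(s)\n",
        $render,
        countInjectedElements($render($storedMessage))
    );
}
```

The same check can run as a unit test over every admin-editable field that is echoed back to visitors, so a template that drops the encoding step fails the build.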