concrete5: Stored XSS in title of date navigation

2015-03-09T04:33:02
ID H1:50627
Type hackerone
Reporter ishahriyar
Modified 2015-07-08T18:36:02

Description

XSS payload can be executed and saved permanently in title of date navigation.

Poc code: "><img src=x onerror=alert(1)>