concrete5: Stored Xss in Feature Paragraph

2015-03-09T09:02:37
ID H1:50642
Type hackerone
Reporter ishahriyar
Modified 2015-07-08T18:36:28

Description

XSS payload can be executed and saved permanently in Feature Paragraph.

Poc code: "><img src=x onerror=alert(1)>