huntr
Inweol
0A5EC24C-343E-4CC4-B27B-2BEB19A1C35F
Jan 27, 2022 - 5:04 a.m.

Cross-site Scripting (XSS) - Stored in microweber/microweber

2022-01-27 05:04:46
inweol
www.huntr.dev
8

EPSS: 0.001 (Low)
Percentile: 21.6%

Description

Stored XSS occurs when changing a user's profile.

Proof of Concept

XSS PoC: "><something:script xmlns:something="http://www.w3.org/1999/xhtml">alert(document.domain)</something:script>

1. Open https://demo.microweber.org/demo/admin
2. Go to "Users" > "Edit profile"
3. Change the value of "First Name" to the XSS PoC
4. Refresh

Impact

Through this vulnerability, an attacker can execute malicious scripts.
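
The PoC string starts with "> which suggests the stored First Name is written into a quoted HTML attribute without output encoding. The following is an added example, not microweber's code or the project's fix: it assumes that sink (the value attribute of an input) and uses hypothetical helpers renderFieldRaw, renderFieldEncoded and attributeValue to compare unencoded output with output passed through PHP's htmlspecialchars.

```php
<?php
// Added example with hypothetical helper names; the attribute sink is an assumption.

// The First Name value from the report's proof of concept.
$firstName = '"><something:script xmlns:something="http://www.w3.org/1999/xhtml">'
           . 'alert(document.domain)</something:script>';

// Vulnerable pattern: the stored value is concatenated into the attribute as-is.
function renderFieldRaw(string $value): string
{
    return '<input type="text" name="first_name" value="' . $value . '">';
}

// Hardened pattern: encode for the quoted-attribute context at output time,
// so quotes and angle brackets in stored data cannot end the attribute or tag.
function renderFieldEncoded(string $value): string
{
    $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="first_name" value="' . $safe . '">';
}

// Read back the value attribute: everything up to the first literal double
// quote, entity-decoded. Returns null if no value attribute is present.
function attributeValue(string $html): ?string
{
    if (!preg_match('/value="([^"]*)"/', $html, $m)) {
        return null;
    }
    return html_entity_decode($m[1], ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$rendered = [
    'raw'     => renderFieldRaw($firstName),
    'encoded' => renderFieldEncoded($firstName),
];

foreach ($rendered as $label => $html) {
    // If the attribute no longer holds the full stored value, the data
    // escaped its context and the remainder is being parsed as markup.
    $intact = attributeValue($html) === $firstName;
    printf("%-8s stays inside attribute: %s\n%s\n\n", $label, $intact ? 'yes' : 'no', $html);
}
```

The same round-trip check (render, read the attribute back, compare with the stored value) works as a regression test for any profile field that is echoed into a form.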
