The application uses Purifier to prevent Cross-Site Scripting attacks. However, in the Workflow module in Settings, the type of the workflowModel->summary parameter is not defined or validated, and the value is used directly, without any encoding or validation, in Workflows/Step1.tpl and Workflows/Step2.tpl. This allows an attacker to inject arbitrary JavaScript code and perform a stored XSS attack.
https://gitstable.yetiforce.com/index.php?module=Workflows&parent=Settings&view=Edit&record={id}
Workflow" onfocus="alert(document.domain)" autofocus ""="
**Inject the payload**
https://drive.google.com/file/d/1Ri-tO_QjVcugTkroVDi8KxUfkoTJIb6n/view?usp=sharing
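
The missing encoding described above can be checked mechanically. The following is an added example, not YetiForce code: `renderSummaryField()` and `inspectField()` are hypothetical helpers, and the `<input>` markup is an assumed stand-in for a template that writes the stored summary into an HTML attribute. It renders the reported test value with and without attribute encoding, parses the result, and reports whether the value stayed inside the attribute.

```php
<?php
// Added illustration, not YetiForce code. renderSummaryField() is a
// hypothetical stand-in for a template that writes a stored value into an
// HTML attribute; the real Step1.tpl / Step2.tpl markup is not on the page.
function renderSummaryField(string $summary, bool $encode): string
{
    // ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
    $value = $encode
        ? htmlspecialchars($summary, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        : $summary;
    return '<input type="text" name="summary" value="' . $value . '">';
}

// Parse the rendered markup and report what an HTML parser sees on the
// element: the value attribute as parsed, and any event-handler attributes.
function inspectField(string $html): array
{
    libxml_use_internal_errors(true); // malformed attributes are expected here
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    $handlers = [];
    foreach ($input->attributes as $attr) {
        if (stripos($attr->nodeName, 'on') === 0) {
            $handlers[] = $attr->nodeName;
        }
    }
    return ['value' => $input->getAttribute('value'), 'handlers' => $handlers];
}

// Test value taken from the report above.
$stored = 'Workflow" onfocus="alert(document.domain)" autofocus ""="';

foreach ([false, true] as $encode) {
    $seen = inspectField(renderSummaryField($stored, $encode));
    printf(
        "%-8s value intact: %-3s event handlers: %s\n",
        $encode ? 'encoded' : 'raw',
        $seen['value'] === $stored ? 'yes' : 'no',
        $seen['handlers'] ? implode(',', $seen['handlers']) : 'none'
    );
}
```

The same round-trip comparison (parsed attribute value equals stored value, no unexpected `on*` attributes) works as a regression test for any template field that echoes stored data into an attribute.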