The version field in the form appears to have no validation, which means the website or application does not properly check user input for malicious code before storing it in the database. This lack of validation allows an attacker to inject their own malicious script, which is then executed by other users who access the affected page. This can lead to sensitive information being stolen, unauthorized actions being taken, and a variety of other security risks.
1. Go to https://roy.demo.phpmyfaq.de/admin/?action=config
2. Save the configuration and intercept the request
3. Edit main.currentVersion with the XSS payload </script><script>alert('1337')</</script><script>alert('1337')</script>script>
4. Forward the request
https://drive.google.com/file/d/1Ws22NhQx3z68fUEQ-dcRelMSlFOTUorG/view?usp=share_link
This XSS will trigger in every domain that shows the version of phpMyFAQ.
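
The missing check described above, sketched as an added example (this is not phpMyFAQ's own code): the submitted main.currentVersion value is validated against a strict version pattern at save time and encoded for its output context when rendered. The function names, the version pattern and the sample version number are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not taken from phpMyFAQ.

/** Accept only a dotted numeric version with an optional pre-release tag. */
function isValidVersion(string $value): bool
{
    // \A and \z anchor the whole string, so a trailing newline cannot slip through.
    return preg_match('/\A\d{1,3}(\.\d{1,3}){1,3}(-[A-Za-z0-9.]{1,20})?\z/', $value) === 1;
}

/** Encode a value for an HTML text or attribute context. */
function forHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Encode a value for an inline script context; <, >, &, ' and " become \uXXXX escapes. */
function forInlineScript(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed sample inputs: a legitimate version string and the payload from step 3.
$samples = [
    '3.1.12',
    "</script><script>alert('1337')</</script><script>alert('1337')</script>script>",
];

foreach ($samples as $submitted) {
    if (!isValidVersion($submitted)) {
        // Reject at save time; only the encoded form is ever echoed back.
        echo 'rejected: ', forHtml($submitted), PHP_EOL;
        continue;
    }
    echo 'stored: ', $submitted, PHP_EOL;
    echo 'html: <span class="version">', forHtml($submitted), '</span>', PHP_EOL;
    echo 'js: <script>const version = ', forInlineScript($submitted), ';</script>', PHP_EOL;
}
```

Validation on save and encoding on output are both needed: values already stored before the check was introduced are only neutralised by the output encoding.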