\\
https://drive.google.com/file/d/1gHXwqgI_uyIlMD45OhjopLFf5Gz9LovY/view?usp=share_link
1.Login as administrator.
2.Click the ‘Settings’ module.
3.Click and go into section named ‘E-mail’ or ‘General’.
4.Enter the following value in the input box of the page.
xss"onbeforeinput="alert(1)"
This vulnerability lies in module ‘Settings’ of the administrator interface. All contents of module ‘Website settings’, including ‘General’,
‘E-mail’,‘Advanced’ have this xss vulnerability.