GHSA-CJMM-X9X9-M2W5 Craft CMS stored XSS in review volume
Summary XSS can be triggered by review volumes PoC 1. Access setting tab 2. Create new assets 3. In assets name inject payload: "alert1337 4. Click Utilities tab 5. Choose all volumes, or volume trigger xss 6. Click Update asset indexes. 7. Wait to assets update success. 8. Progress complete. 9...