Craft CMS stored XSS in review volume

Summary XSS can be triggered by review volumes PoC 1. Access setting tab 2. Create new assets 3. In assets name inject payload: "alert1337 4. Click Utilities tab 5. Choose all volumes, or volume trigger xss 6. Click Update asset indexes. 7. Wait to assets update success. 8. Progress complete. 9...