Closed wind226 closed 4 years ago
Oof, big yikes.
In general this should not be much of a concern, since modifying pages/article data is behind authentication anyway, but we will have to take a look into this anyway. Not good.
Thanks for the report!
Step 1: Access http://backend.yii2-starter-kit.terentev.net/content/page/index
Click
Fill in: xss payload
The last plugin that triggers xss