XzAeRo
commented
4 years ago Oof, big yikes.
In general this should be not much of a concern, since modifying pages/article data is behind authentication anyway, but we will have to take a look into this anyway. Not good.
Thanks for the report!
step1: access:http://backend.yii2-starter-kit.terentev.net/content/page/index Click
Fill in:xss payload
The last plugin that triggers xss
