Cross Site Scripting (XSS) in Members Add

[sinemsahn]

Describe the bug
Cross Site Scripting (XSS) in the fiekd tooltip section of the members add page.
version: 4.2.1

To Reproduce
Steps to reproduce the behavior:

Go to 'CMS Field Add page'
Insert into a XSS payload in tooltip section
And XSS save
Go to 'Members add page'
xss payload works automatically

[vbezruchkin]

Why would a person that has access to admin panel dot this type? Just curious how you see it.

[sinemsahn]

A person who has infiltrated the system can try all means from a malicious point of view. And that's one of the options he could look at

[sinemsahn]

I want to get cve like this. A cve has been given in your previous products for such clarity. Can you help me?

Thanks.

[sinemsahn]

@vbezruchkin

[junni18]

stop alert

…

On Wed, Dec 21, 2022 at 1:47 AM Sinem Şahin ***@***.***> wrote: @vbezruchkin <https://github.com/vbezruchkin> — Reply to this email directly, view it on GitHub <#895 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AF3MRRIWQKRETKRDLTE3JR3WOHWMFANCNFSM6AAAAAARAIMDKI> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>