We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
When you insert a payload inside a label name or instruction of an entry type, an XSS happens in the quick post widget on the admin dashboard.
Tested with the free version of Craft CMS 4.3.6.1
gabriel-vernilo Reporter
Summary
When you insert a payload inside a label name or instruction of an entry type, an XSS happens in the quick post widget on the
admin dashboard.
PoC
2023-01-30.18-43-49.mp4
Impact
Tested with the free version of Craft CMS 4.3.6.1