Description: Rite CMS 3.0 is affected by a Cross-Site scripting (XSS) stored vulnerability that allows attackers to execute arbitrary code via a crafted payload in to the Global Content Blocks in the Administration Menu.
Attack Vectors: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
When logging into the panel, we will go to the "Administration - Global Content Blocks - Home" .
We edit the body configuration where we add the XSS payloads.
'"><svg/onload=alert('document.domain')>
And when we save it, we will see that the XSS pop-up appears