# Title: Worksuite CMS - Multiple XSS
# Author: @Eawhitehat - Eren Arslan
# Vendor: https://worksuite.biz
# Demo available : https://demo.worksuite.biz
# CVE: N/A
# XSS
Used Payload : </script><svg onload=alert(1234)>
Demo :
Admin : admin@example.com 123456
Method :
Connect to panel,
Go to :
Select or create one user : Entry random information in all category and paste to description the payload : </script><svg onload=alert(1234)>
Re-select your created users and look the payload loaded
Affected page :
../account/leads
../account/clients
../account/employees
../account/leaves