# Vulnerability Title: Stored Cross Site Scripting - Create Event Module
# Vendor Homepage: https://pandorafms.com/en/
# Version: <= v765
# CVE: CVE-2022-47372
# CVSS 3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (5.4 Medium)
# Exploit Author: Damodar Naik
# Date: 02/14/2023
- Create new Event as an attacker.
- Add a XSS payload in free search field and create a event.
- Browse the Event filter module as an Admin, and click on the event which was created.
- The XSS payload will be executed.