Description: A Cross-Site Scripting (XSS) vulnerability in GDidees v.3.0 allows a local attacker to execute arbitrary code via a crafted script in the Page Title.
Attack Vectors: Scripting. A flaw in the sanitization of the Page Title entry allows injection of JavaScript code, which is executed when a user accesses the web page.
We edit the page through "Outils d'édition" (editing tools) and see that we can inject arbitrary JavaScript code into the "Titre de la page" (page title) field.
'"><svg/onload=prompt('text')>
The following image shows the embedded code that executes the payload on the main web page.
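The sketch below is an added example, not GDidees code and not part of the original advisory. It shows why the title payload above becomes a new element when the stored title is written into the page unencoded, and how encoding at output time keeps it as inert text. The template, the function names and the attribute context are assumptions, since the advisory does not show the affected markup.

```python
import html
from html.parser import HTMLParser

# Payload exactly as given in this advisory.
PAYLOAD = "'\"><svg/onload=prompt('text')>"

# Hypothetical template: the advisory does not show GDidees' markup. An attribute
# context is assumed because the payload starts by closing a quote and a tag.
TEMPLATE = '<input type="text" name="page_title" value="{title}">'


def render_unsafe(title: str) -> str:
    """Vulnerable pattern: the stored title is concatenated into HTML as-is."""
    return TEMPLATE.format(title=title)


def render_safe(title: str) -> str:
    """Hardened pattern: encode &, <, >, " and ' at output time."""
    return TEMPLATE.format(title=html.escape(title, quote=True))


class _Audit(HTMLParser):
    """Records every element, every on* handler and every attribute value parsed."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.handlers, self.attrs = [], [], {}

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for name, value in attrs:
            if name.startswith("on"):
                self.handlers.append((tag, name))
            self.attrs[(tag, name)] = value


def audit(markup: str):
    """Return (tags, event_handlers, title_value) as an HTML parser sees them."""
    parser = _Audit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.handlers, parser.attrs.get(("input", "value"))


if __name__ == "__main__":
    for render in (render_unsafe, render_safe):
        print(render.__name__, audit(render(PAYLOAD)))
```

The same audit function can serve as a regression check: after the fix, the rendered page must contain only the elements the template defines, and the title must round-trip as plain text.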