Vulnerable parameter : Title
About : Stored XSS occurs when a web application gathers input from a user which might be malicious, and then stores that input in a data store for later use.
POC :
Step 1 : Open the URL below : http://demo.navigatecms.com/navigate/navigate.php?fid=items&act=edit&id=19&tab=2&tab_language=en
Step 2 : Insert the malicious script into the title parameter : <img src=xss onerror=alert(1)>
Step 3 : In the image below, you can see that the malicious script gets executed.
Impact : The impact of XSS is almost limitless, but it commonly includes transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user's machine.
Mitigation : 1. Input sanitization 2. Output encoding 3. Input validation
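
The output-encoding and input-validation items above, shown on the title value from this report. This is an added PHP example, not Navigate CMS code; the function names, the surrounding markup and the 200-character limit are assumptions.

```php
<?php
// Added example, not Navigate CMS code. All function names are hypothetical.

// Constructed sample: the title from the report, as read back from the data store.
$storedTitle = '<img src=xss onerror=alert(1)>';

// Vulnerable pattern: the stored value is concatenated into HTML unchanged,
// so the browser parses it as markup and the onerror handler fires.
function render_title_unsafe(string $title): string
{
    return '<h1 class="item-title">' . $title . '</h1>';
}

// Output encoding: encode for the HTML context at render time.
// ENT_QUOTES also covers use inside a quoted attribute such as value="...".
function encode_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_title_safe(string $title): string
{
    return '<h1 class="item-title">' . encode_html($title) . '</h1>';
}

function render_title_input(string $title): string
{
    return '<input type="text" name="title" value="' . encode_html($title) . '">';
}

// Input validation at save time. Assumption: titles are plain text, so control
// characters and angle brackets are rejected outright. The /u flag makes
// preg_match return false on invalid UTF-8, which is also treated as a reject.
function is_valid_title(string $title, int $maxLen = 200): bool
{
    return preg_match('/^[^\x00-\x1F\x7F<>]{1,' . $maxLen . '}$/u', $title) === 1;
}

echo render_title_unsafe($storedTitle), PHP_EOL; // markup reaches the page intact
echo render_title_safe($storedTitle), PHP_EOL;   // &lt;img src=xss onerror=alert(1)&gt;
echo render_title_input('" autofocus onfocus="x'), PHP_EOL; // quotes become &quot;
var_dump(is_valid_title($storedTitle));          // bool(false)
var_dump(is_valid_title('Summer sale 2024'));    // bool(true)
```

Validation narrows what gets stored, but encoding at output is what stops a value already in the data store from executing.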