There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when an administrator accesses the content management module.Referenceshttps://github.com/arterli/CmsWing/issues/54
