Dreamer CMS v4.1.3 exists to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex.
dreamer cms project dreamer cms 4.1.3