Reflected XSS on /api/module

# Description
Reflected XSS via filter bypass on /api/module using type= parameter.

# Proof of Concept
```
https://demo.microweber.org/demo/api/module?type=&live_edit=true&from_url=test
```
The value of the “type” parameter is injected into the source code of the page at line 63. Since the value of the “type” parameter is not sanitized, it is possible to close the div tag with ‘ ‘ and then insert JavaScript code.
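
The reflection described above, shown next to two server-side mitigations. This is an added example, not code from the report or from Microweber; the function names, the single-quoted `data-type` attribute, and the allowed module-name format are assumptions, and the probe string is a constructed, harmless marker.

```php
<?php
// Added illustration with hypothetical names; not Microweber's code.

// Vulnerable pattern: the request value is concatenated into an attribute.
function render_module_unsafe(string $type): string
{
    return "<div class='module' data-type='" . $type . "'></div>";
}

// Layer 1: encode for the HTML attribute context (both quote styles).
function render_module_encoded(string $type): string
{
    $safe = htmlspecialchars($type, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<div class='module' data-type='" . $safe . "'></div>";
}

// Layer 2: allow-list the expected shape first, then still encode.
function render_module_strict(string $type): string
{
    // Assumed module-name format: letters, digits, '_', '/', '-'.
    if (preg_match('#\A[A-Za-z0-9_/-]{1,64}\z#', $type) !== 1) {
        $type = '';
    }
    return render_module_encoded($type);
}

// True when the constructed marker element survived as live markup.
function broke_out(string $html): bool
{
    return strpos($html, '<b id=probe>') !== false;
}

// Constructed, harmless probe: ends the attribute and tag, then adds a marker.
$probe = "x'><b id=probe>";
$outputs = [
    'unsafe'  => render_module_unsafe($probe),
    'encoded' => render_module_encoded($probe),
    'strict'  => render_module_strict($probe),
];
foreach ($outputs as $name => $html) {
    printf("%-8s broke_out=%-3s %s\n", $name, broke_out($html) ? 'yes' : 'no', $html);
}
```

Only the unsafe renderer lets the marker element through as markup; the encoded version keeps the value inside the attribute, and the strict version discards it before rendering.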
