This exploit demonstrates a stored XSS vulnerability in Fork CMS 5.4.0 via the /backend/ajax endpoint. The payload injects HTML and JavaScript through the 'url' parameter in a POST request, leveraging improper input sanitization.
Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Fork CMS 5.4.0
Auth required
Prerequisites: Access to the backend interface · Valid session cookies