Hi. My script rejected with reason below:
- Application is insecure.
And the reviewer sent me photo of XSS vulnerability. There is no XSS vulnerability on user-side, it is only in admin-side.
There are “Extra Header/Footer”, “Ad Code” fields and “Blog Post Content” (wysiwyg editor) field in my admin panel.
What should I do?