Hello,
I found an authenticated reflected XSS via a path fragment. This was exploitable through trusting user input in the URL path fragment.
Please note: if you write a different payload, you need to URL-encode the payload twice.
Enter this URL: https://demo.collectiveaccess.org/index.php/system/Error/Show/n/3250%22%253CScRiPt%2520%253Ealert(%221337%22)%253C%252FsCripT%253E
Kind Regards,
Rawi (@0xRaw)
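
Added example, not part of the original report and not CollectiveAccess code: one way to handle the `n` path fragment defensively, by validating it as a number after all percent-decoding and HTML-encoding anything echoed back. It assumes the application decodes the path a second time after the web server's own decode; `parse_error_number()` and `h()` are hypothetical helper names.

```php
<?php
declare(strict_types=1);

// Path fragment copied from the report's URL (the part after /Show/n/).
$raw = '3250%22%253CScRiPt%2520%253Ealert(%221337%22)%253C%252FsCripT%253E';

/**
 * Hypothetical helper: accept the error number only if it is a short run
 * of ASCII digits once every layer of percent-encoding has been removed.
 */
function parse_error_number(string $fragment): ?int
{
    // Decode until the value stops changing, so double-encoded input is
    // judged in its final form; the loop bound caps pathological nesting.
    for ($i = 0; $i < 5; $i++) {
        $decoded = rawurldecode($fragment);
        if ($decoded === $fragment) {
            break;
        }
        $fragment = $decoded;
    }
    // Reject anything that is not 1 to 9 digits (also avoids int overflow).
    if ($fragment === '' || strlen($fragment) > 9 || !ctype_digit($fragment)) {
        return null;
    }
    return (int) $fragment;
}

/** Hypothetical helper: encode for HTML text or a quoted attribute value. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$once  = rawurldecode($raw);   // first decode, as done by the web server
$twice = rawurldecode($once);  // second decode inside the application (assumed)

echo 'after 1 decode:   ', $once, PHP_EOL;
echo 'after 2 decodes:  ', $twice, PHP_EOL;
echo 'reported input:   ', var_export(parse_error_number($raw), true), PHP_EOL;
echo 'numeric input:    ', var_export(parse_error_number('3250'), true), PHP_EOL;
echo 'escaped for HTML: ', h($twice), PHP_EOL;
```

Validation alone is enough for a numeric parameter; the output encoding is the second layer for any code path that still echoes the raw value.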