Summary

An unchecked `title` parameter in the system extension module of 07FlyCRM (https://gitee.com/07fly/FLY-CRM/) is rendered without HTML encoding, which allows an authenticated user to inject script and perform cross-site scripting (XSS).

Impact

Affected versions: 07FlyCRM ≤ 1.2.9

Details & PoC

  1. An authenticated user sets the title to the XSS payload "><img src=1 onerror=alert(1)>. Because the value is written into the page without HTML encoding, the leading "> closes the attribute the title is placed in, the injected <img> element is parsed as markup, and its onerror handler executes (alert(1) fires), confirming XSS.

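To make the mechanism in the PoC concrete, the following is an added JavaScript example; it is not code from 07FlyCRM. It models a template that interpolates the title into an input's value attribute unescaped (the template shape is an assumption, the project's real markup is not reproduced here), shows the reported payload closing that attribute and introducing an <img> with an onerror handler, and shows the HTML encoding that the fix requires. The helper functions (renderTitleVulnerable, renderTitleSafe, escapeHtml, decodeHtml, tagNames) are illustrative names, not project APIs.

```javascript
// Added example, not 07FlyCRM code. The template shape below is assumed.

// The exact payload from the report (constructed input for this example).
const PAYLOAD = '"><img src=1 onerror=alert(1)>';

// Vulnerable pattern: the title is dropped into the attribute as-is.
function renderTitleVulnerable(title) {
  return `<input type="text" name="title" value="${title}">`;
}

// Encode the five HTML metacharacters so a value can never close the
// attribute or start a new tag. This is the equivalent of PHP's
// htmlspecialchars($title, ENT_QUOTES, 'UTF-8').
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Inverse of escapeHtml, used to show the fix keeps the title's content
// intact (the browser performs this decoding when it reads the attribute).
function decodeHtml(s) {
  return String(s)
    .replace(/&quot;/g, '"')
    .replace(/&#39;/g, "'")
    .replace(/&lt;/g, '<')
    .replace(/&gt;/g, '>')
    .replace(/&amp;/g, '&'); // last, so "&amp;lt;" does not become "<"
}

// Hardened pattern: encode at the point the value is written into HTML.
function renderTitleSafe(title) {
  return `<input type="text" name="title" value="${escapeHtml(title)}">`;
}

// Simple tag scanner for checking rendered markup: returns the names of
// every element start tag in document order. A second tag appearing
// after the input means the title broke out of the attribute.
function tagNames(html) {
  const names = [];
  const re = /<([a-zA-Z][a-zA-Z0-9]*)[^>]*>/g;
  let m;
  while ((m = re.exec(html)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Stand-alone demonstration.
console.log('vulnerable:', renderTitleVulnerable(PAYLOAD));
console.log('  tags:', tagNames(renderTitleVulnerable(PAYLOAD)));   // input, img
console.log('hardened:  ', renderTitleSafe(PAYLOAD));
console.log('  tags:', tagNames(renderTitleSafe(PAYLOAD)));         // input only
console.log('round trip:', decodeHtml(escapeHtml(PAYLOAD)) === PAYLOAD);
```

In the vulnerable rendering the scanner finds an `img` tag after the `input`, which is exactly the element whose `onerror` handler fires in the PoC; in the hardened rendering only the `input` remains, yet decoding the attribute gives back the original title unchanged, so the fix loses no data. The encoding must be applied on output, wherever the title is written into HTML, rather than relying on filtering the word "alert" or similar patterns on input.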