A Cross Site Scripting vulnerabilty exists in BlogEngine via the Description field in /blogengine/api/posts Step to exploit: 1. Login as admin. 2. Navigate to http://127.0.0.1/blogengine/admin/#/content/posts and click on "NEW". 3. Insert XSS payload `<img src=1 onerror=alert('XSS')>` in the "Description" field and click on SAVE, PUBLISH. 4. Go to Home page.   