Stored XSS found within the blog creation page. This allows attackers to get arbitrary execution of JavaScript code.
Steps to reproduce
Log into a user's account with blog writing permissions (like role user in the demo website)
Go to the blogs page
Create a blog page, with the contents of the page as follows: <img src=x onerror=alert(1)>
Please ensure this payload is entered using the source code view of the blog editor