XSS on Hoosk v1.8

This vulnerability in `edit page` function

![image](https://user-images.githubusercontent.com/44127534/161199973-7b4bbb0b-0e34-45a7-b129-809ccde05a35.png)

Exploit with using "heading" attribute, we can custom HTML tag lead to inject `img` tag with `onerror` event, and use `HTML encoding` to bypass filter some special chars

![image](https://user-images.githubusercontent.com/44127534/161200195-baddfe74-5ab3-4952-8253-3cf37090633e.png)

PoC
![image](https://user-images.githubusercontent.com/44127534/161200213-41885611-fc74-4f00-a121-32eb2373703c.png)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

XSS on Hoosk v1.8 #63

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development