Hello, I found a stored XSS bug when adding a blog.
First add a blog and upload an image, then edit the blog.image file: "x" onerror="alert(/xss/).
Browsing the blog triggers the XSS.
Suggestion: call safeHTML on image['file'].