Cross-Site Scripting (XSS) in "/posts"

A Cross Site Scripting vulnerabilty exists in Miniblog.Core via the Excerpt field in "/posts"

Step to exploit:
1. Login as admin.
2. Navigate to https://miniblogcore.azurewebsites.net/blog/edit.
3. Insert XSS payload `<img src=1 onerror=alert('XSS')>` in the "Excerpt" field and click on Save.
4. Go to Home page.

<img width="1306" alt="Screenshot 2022-08-01 at 10 26 30" src="https://user-images.githubusercontent.com/35623498/182067426-94e1946a-051d-451a-994f-2f17cd1402c8.png">


<img width="1345" alt="Screenshot 2022-08-01 at 10 27 01" src="https://user-images.githubusercontent.com/35623498/182067447-51601603-eee6-41b2-ac14-d81986619f3f.png">

<img width="1011" alt="Screenshot 2022-08-01 at 10 38 06" src="https://user-images.githubusercontent.com/35623498/182067526-cd8310fa-545e-40ff-8692-89dfa120a635.png">



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Cross-Site Scripting (XSS) in "/posts" #178

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

Cross-Site Scripting (XSS) in "/posts" #178

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions