Stored XSS in Comments Section

A Cross Site Scripting vulnerabilty exists in Miniblog.Core Post Comments.

Step to exploit:

- Navigate to https://miniblogcore.azurewebsites.net/blog/{{blogname}}/#comments
- Insert XSS payload <img src=1 onerror=alert('XSS')> in the "comments" section and fill the rest of the details and click on Post Comments.
- Refresh.
<img width="1077" alt="image" src="https://user-images.githubusercontent.com/54571841/184477765-b39a3c60-b5b6-4ea3-a828-0421b7276b51.png">


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Stored XSS in Comments Section #179

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

Stored XSS in Comments Section #179

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions