A stored XSS vulnerability was found in the blog creation page. It allows attackers to execute arbitrary JavaScript code.
Steps to reproduce
Log into a user's account with blog writing permissions (like role user in the demo website)
Go to the blogs page
Create a blog page, with the contents of the page as follows:
<img src=x onerror=alert(1)>
Please ensure this payload is entered using the source code view of the blog editor