
Storage XSS in article comments

Al1ex opened this issue 4 years ago

The newest version of zrlog has a stored XSS in article comments. The attacker can insert malicious XSS code into a comment and submit it. When the blogger views the comments in the admin background, the XSS code is triggered successfully, causing the blogger's cookie to be stolen.

1. Log in to the backstage as the admin.
2. Using another browser, Firefox, to simulate a visitor leaving a message, insert the malicious XSS attack code. Payload: test
3. The comment is submitted successfully.
4. After that, when the blogger accesses the background comments, the malicious XSS code is triggered successfully.

Suggestion: Strictly filter the user's input and strictly encode the output.

Al1ex, May 31 '20 15:05