My-Blog
Stored XSS - Add Tag
Summary
The endpoint /admin/tags/save does not strictly validate user-controlled input, so an attacker can store malicious code in the database. When that content is later output at the endpoint /admin/tags, no encoding is applied either, resulting in a stored XSS vulnerability.
Additionally, the application has no CSRF protection, so an attacker can use CSRF to trick an admin user into adding a tag name that contains malicious code.
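The two missing controls described above (output encoding at the sink and a CSRF check on the state-changing request, with input validation as defence in depth) are shown below in a hardened stand-in for the two endpoints. This is an added illustration written in Python, not code from My-Blog; the form field name `tagName`, the `_csrf` token field, the in-memory tag store and the allowed-character policy are all assumptions.

```python
import html
import hmac
import re
import secrets
from typing import Optional

# Constructed in-memory store standing in for the application's tag table.
TAG_STORE: list = []

# Constructed session object; the real application's session handling is not shown on the page.
SESSION = {"csrf_token": secrets.token_urlsafe(32)}

MAX_TAG_LEN = 50
# Allowed characters for a tag name: letters, digits, spaces, hyphens and underscores
# (assumed policy for this illustration, not the project's own rule).
TAG_NAME_RE = re.compile(r"^[\w\- ]{1,%d}$" % MAX_TAG_LEN)


def validate_tag_name(name: str) -> bool:
    """Input validation for the save endpoint: reject anything outside the allowed charset/length."""
    return bool(TAG_NAME_RE.fullmatch(name))


def verify_csrf(session_token: str, submitted_token: Optional[str]) -> bool:
    """Constant-time comparison of the per-session token with the one carried by the request."""
    if not submitted_token:
        return False
    return hmac.compare_digest(session_token, submitted_token)


def save_tag(form: dict, session: dict) -> tuple:
    """Hardened equivalent of /admin/tags/save.

    Returns (status_code, message). Requests without a valid CSRF token are refused
    (the page notes the application has no such check), and tag names that fail
    validation are rejected before anything is written to the store.
    """
    if not verify_csrf(session["csrf_token"], form.get("_csrf")):
        return 403, "invalid or missing CSRF token"
    name = form.get("tagName", "")
    if not validate_tag_name(name):
        return 400, "tag name contains disallowed characters or is too long"
    TAG_STORE.append(name)
    return 200, "ok"


def render_tags(tags) -> str:
    """Hardened equivalent of the /admin/tags output: every tag name is HTML-escaped.

    Escaping at the sink is the primary control against stored XSS; validation at
    the source is defence in depth, since a tag could reach the table by another path.
    """
    items = "".join(f"<li>{html.escape(tag, quote=True)}</li>" for tag in tags)
    return f"<ul>{items}</ul>"


if __name__ == "__main__":
    token = SESSION["csrf_token"]
    print(save_tag({"tagName": "news", "_csrf": token}, SESSION))   # (200, 'ok')
    print(save_tag({"tagName": "news"}, SESSION))                   # (403, ...) no token
    print(save_tag({"tagName": "<b>x</b>", "_csrf": token}, SESSION))  # (400, ...) rejected
    print(render_tags(TAG_STORE + ["<b>x</b>"]))                    # markup is escaped
```

The escaping in `render_tags` is what closes the stored XSS regardless of how a value reached the database; the CSRF check in `save_tag` is what stops a third-party page from submitting the form on an admin's behalf. Both are independent of the regex in `validate_tag_name`, which only narrows what can be stored in the first place.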
POC
- /admin/tags/save
SINK
- /admin/tags