My-Blog
Stored XSS - Add Tag From Post
Summary
The endpoint /admin/blog/save does not strictly validate user-controlled input, so attacker-supplied markup in a tag name is written to the database unchanged. When /admin/tags later outputs the stored tag names, no HTML encoding is applied either, resulting in a stored XSS vulnerability.
Additionally, the application has no CSRF protection, so an attacker can trick a logged-in admin user into submitting a post whose tag names contain malicious code.
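The two defects described above, missing output encoding at the sink and missing CSRF protection at the source, are illustrated below in an added example that is not part of this report or of the My-Blog code base. The handler names, the session dictionary, the tag-name allowlist and the sample tag names are all constructed for the illustration; the example shows the unencoded rendering pattern next to an encoded one, and a synchronizer-token check of the kind a save endpoint would need.

```python
import hmac
import html
import re
import secrets

# Constructed sample tag names, not taken from the report. The third one carries
# markup of the kind that a save endpoint without validation would store as-is.
SAMPLE_TAGS = ["java", "spring boot", "news<script>x()</script>", 'a"b<c>&d']

# Hypothetical allowlist for tag names: word characters (Unicode aware), space
# and a few punctuation characters, 1 to 20 characters long.
TAG_NAME_RE = re.compile(r"^[\w .+#-]{1,20}$")


def render_tags_unsafe(tags):
    """Mirrors the pattern at the sink: tag names are concatenated straight into
    HTML, so any markup stored through the save endpoint is interpreted by the
    admin's browser."""
    return "<ul>" + "".join(f"<li>{t}</li>" for t in tags) + "</ul>"


def render_tags_safe(tags):
    """Output encoding: &, <, >, " and ' are escaped before interpolation, so a
    stored tag name is shown as text rather than parsed as markup."""
    return "<ul>" + "".join(f"<li>{html.escape(t, quote=True)}</li>" for t in tags) + "</ul>"


def validate_tag_name(name):
    """Input-side check: reject tag names outside the allowlist. This is defence
    in depth; output encoding at the sink is still required."""
    return TAG_NAME_RE.fullmatch(name) is not None


def issue_csrf_token(session):
    """Synchronizer token: a random per-session value that must be echoed back
    in the form. A cross-site page cannot read it, so a forged request lacks it."""
    token = secrets.token_urlsafe(32)
    session["csrf"] = token
    return token


def validate_csrf(session, submitted):
    """Constant-time comparison of the submitted token against the session copy."""
    expected = session.get("csrf")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected.encode(), submitted.encode())


def save_blog(session, form):
    """Hypothetical handler standing in for a blog save endpoint. Returns an
    (http_status, body) pair: 403 without a valid CSRF token, 400 on a tag name
    outside the allowlist, otherwise 200 with the cleaned tag list."""
    if not validate_csrf(session, form.get("_csrf")):
        return 403, "CSRF token missing or invalid"
    tags = [t.strip() for t in form.get("tags", "").split(",") if t.strip()]
    bad = [t for t in tags if not validate_tag_name(t)]
    if bad:
        return 400, f"invalid tag name(s): {bad}"
    return 200, tags


if __name__ == "__main__":
    print("unsafe:", render_tags_unsafe(SAMPLE_TAGS))
    print("safe:  ", render_tags_safe(SAMPLE_TAGS))
    session = {}
    token = issue_csrf_token(session)
    print(save_blog(session, {"tags": "java, spring boot"}))            # no token -> 403
    print(save_blog(session, {"_csrf": token, "tags": "java, spring boot"}))
    print(save_blog(session, {"_csrf": token, "tags": SAMPLE_TAGS[2]}))  # allowlist -> 400
```

The escaping in render_tags_safe is the fix for the sink named in this report; the token check in save_blog addresses the missing CSRF protection. Both are needed: validation alone does not protect data that is already stored, and encoding alone does not stop a forged admin request from being accepted.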
POC
- Post Article Function
- /admin/blog/save
SINK
- /admin/tags