Stored XSS - Add Tag From Post

# Summary

The endpoint /admin/blog/save does not perform strict validation on user-controlled input, thus allowing attackers to insert malicious code into the database. When outputting content at the endpoint /admin/tags, no encoding is performed either, resulting in a stored XSS vulnerability.

Additionally, this application has no CSRF protection, enabling attackers to exploit CSRF to trick admin users into adding tag names containing malicious code.

# POC

- Post Article Function

<img width="2468" height="1060" alt="Image" src="https://github.com/user-attachments/assets/107763e5-9f22-49d3-8170-f22f07588b4d" />

- /admin/blog/save

<img width="938" height="626" alt="Image" src="https://github.com/user-attachments/assets/ca13dc18-0aad-46d3-a9e0-1b4ef2acfead" />

### SINK

- /admin/tags

<img width="1806" height="1200" alt="Image" src="https://github.com/user-attachments/assets/aaee67ba-dbe5-4952-af7c-7bcb81e430bc" />

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Stored XSS - Add Tag From Post #148

Summary

POC

SINK

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Stored XSS - Add Tag From Post #148

Description

Summary

POC

SINK

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions