Friday Fun Pentest Series - 11 - Stored XSS in "Edit Profile" - htmlyv2.9.9

Description

- It was found that the application suffers from stored XSS

- The vulnerability was found to be in the "Edit Profile" page

- Vulnerable parameter was "Content"

Stored XSS in "Edit Profile"

Steps to Reproduce:

1. Login as author
2. Browse to "Edit Profile"
3. In "Content" field add payload "><img src=x onerror=alert(1)>
4. Then refresh the "Edit Profile" page