OneBlog is a simple and beautiful , powerful and adaptive Java blog . Developed with springboot and using Bootstrap for the front end, it supports mobile adaption and is equipped with complete front and back-end administration features. The XSS vulnerability exists in /tag/add due to a lack of filtering of user input. An attacker could use this vulnerability to obtain cookies.