Other info: the XSS also runs on topic (video PoC #2). You can find my XSS message at this URL:
https://try.discourse.org/t/recommended-reading-for-community-and-foss-enthusiasts/278
It is very dangerous because it can hit many users at the same time.
XSS can be used to steal cookies or passwords, or to run arbitrary code in the victim's browser.
The hacker selected the Cross-site Scripting (XSS) - Stored weakness. This vulnerability type requires contextual information from the hacker. They provided the following answers:
URL: https://try.discourse.org/t/recommended-reading-for-community-and-foss-enthusiasts/278
Verified: Yes