huntr | Nithissh200 | 8FFFC95F-14AE-457B-AECC-BE4716A8B91C
History: Feb 08, 2022 - 3:22 p.m.

Cross-site Scripting (XSS) - Stored in microweber/microweber

2022-02-08 15:22:06
nithissh200
www.huntr.dev

EPSS: 0.001 Low
Percentile: 21.6%

Description

There is a reflected XSS in the tag creation and search function, where any user can execute malicious code, resulting in cookie theft or account takeover.

Steps to Reproduce:

  • Go to this particular URL
  • Click on Live Edit. In the tag section, select the existing tag and click on Manage Tags
  • Click on the Global Tags tab and create a tag whose name is the following payload: "><img src>
  • Now, for whoever uses that particular tag, the malicious code will get executed

Proof of concept:
Video-Proof-of-Concept
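
Added example, not part of the report and not microweber's own code: a stored tag name rendered into an HTML attribute without and with output encoding, plus an allow-list check at tag creation. The function names, the markup and the tag-name policy are assumptions for illustration; the sample input is the tag name quoted in the steps above.

```php
<?php
// Hypothetical helpers for illustration; not taken from microweber.

/** Vulnerable pattern: the stored tag name is concatenated into markup as-is. */
function render_tag_unsafe(string $name): string
{
    // A double quote in $name ends the value attribute and a ">" ends the
    // element, so the rest of the name is parsed by the browser as markup.
    return '<input type="text" class="tag" value="' . $name . '">';
}

/** Hardened pattern: encode for the HTML context at output time. */
function render_tag_safe(string $name): string
{
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" class="tag" value="' . $encoded . '">';
}

/** Defence in depth at creation time: reject names that carry markup characters. */
function is_valid_tag_name(string $name): bool
{
    // Assumed policy: letters, digits, space, dash, underscore; 1 to 64 chars.
    return preg_match('/\A[\p{L}\p{N} _-]{1,64}\z/u', $name) === 1;
}

// Constructed sample input: the tag name from the report's steps.
$reported = '"><img src>';
// Constructed benign tag name for comparison.
$benign = 'summer-sale';

foreach ([$reported, $benign] as $name) {
    echo 'accepted at creation: ', var_export(is_valid_tag_name($name), true), PHP_EOL;
    echo 'unsafe render: ', render_tag_unsafe($name), PHP_EOL;
    echo 'safe render:   ', render_tag_safe($name), PHP_EOL, PHP_EOL;
}
```

Encoding at output is the primary control because the name is stored once and rendered for every user who later opens the tag; the creation-time check only narrows what can be stored.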
