Description
There is a reflected XSS in the tag creation and search functions, where any user can execute malicious code, resulting in cookie theft or account takeover.
Steps to Reproduce:
- Go to this particular URL URL
- Click on live edit. Now, in the tag section, select the existing tag and click on manage tags
- Now, click on the global tags tab and create a tag with the name as the following payload "><img src>
- Now, the malicious code will be executed for whoever uses that particular tag
Proof of concept:
Video-Proof-of-Concept
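
The payload in the steps above closes an attribute value and opens a new element, so the fix is output encoding wherever the tag name is rendered, backed by validation when the tag is created. The following is an added example, not the affected application's code; the function names, the markup and the allow-list policy are assumptions.

```javascript
// Added example: hypothetical tag renderer, not the affected application's code.

// Escape the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the tag name is concatenated into an attribute value
// and into the element body without encoding.
function renderTagUnsafe(name) {
  return '<span class="tag" title="' + name + '">' + name + "</span>";
}

// Hardened pattern: same markup, every interpolation is escaped first.
function renderTagSafe(name) {
  const safe = escapeHtml(name);
  return '<span class="tag" title="' + safe + '">' + safe + "</span>";
}

// Defence in depth at creation time: allow-list for tag names
// (assumed policy: letters, digits, space, underscore, dot, hyphen; 1 to 64 chars).
function isValidTagName(name) {
  return typeof name === "string" && /^[\p{L}\p{N} _.-]{1,64}$/u.test(name);
}

// Crude check used below: how many elements does the markup open?
// One means only the intended <span>; more means the name injected markup.
function countElements(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

const reported = '"><img src>'; // tag name exactly as given in the report

console.log("unsafe:", renderTagUnsafe(reported), countElements(renderTagUnsafe(reported)));
console.log("safe:  ", renderTagSafe(reported), countElements(renderTagSafe(reported)));
console.log("accepted at creation:", isValidTagName(reported));
```

Escaping on output is the required fix because tags created before validation was added are already stored; the allow-list only stops new ones.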