Stored XSS (Cross-Site Scripting) is a type of web application vulnerability that allows an attacker to inject malicious scripts into a website or web application. Unlike reflected XSS, where the malicious script is embedded in a URL and executed immediately, stored XSS involves the persistence of the malicious script on the target website.
1. Login as admin.
2. Go to Content -> Edit or Add FAQs and, in the Question field, enter an XSS payload like "><h1>XSS</h1>
3. Go to the Category page that contains the FAQ with the XSS payload, and the XSS will trigger.
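
The steps above work because the stored Question value is written into the category page without output encoding. The following is an added example, not code from the affected application: it renders the payload from step 2 through a constructed list-item template (the template, `render_unsafe`, `render_safe` and `audit` are hypothetical names), once unencoded and once HTML-encoded, and parses the result to show which tags the stored value introduces.

```python
import html
from html.parser import HTMLParser

# Payload from step 2; the list-item template below is a constructed stand-in.
PAYLOAD = '"><h1>XSS</h1>'
TEMPLATE_TAGS = {"li", "a"}  # the only tags the template itself emits


def render_unsafe(faq_id, question):
    # Vulnerable pattern: stored text concatenated into attribute and body.
    return f'<li><a href="/faq/{faq_id}" title="{question}">{question}</a></li>'


def render_safe(faq_id, question):
    # Encode at output time; quote=True also escapes " and ' so the value
    # cannot close the title attribute.
    q = html.escape(question, quote=True)
    return f'<li><a href="/faq/{int(faq_id)}" title="{q}">{q}</a></li>'


class Audit(HTMLParser):
    """Records start tags, title attributes and text as an HTML parser sees them."""

    def __init__(self):
        super().__init__()
        self.tags, self.titles, self.text = [], [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.titles += [v for k, v in attrs if k == "title"]

    def handle_data(self, data):
        self.text.append(data)


def audit(markup):
    """Return (tags not emitted by the template, title values, visible text)."""
    p = Audit()
    p.feed(markup)
    p.close()
    injected = [t for t in p.tags if t not in TEMPLATE_TAGS]
    return injected, p.titles, "".join(p.text)


if __name__ == "__main__":
    print("unsafe:", audit(render_unsafe(1, PAYLOAD)))
    print("safe:  ", audit(render_safe(1, PAYLOAD)))
```

With encoding applied, the parser sees only the template's own tags and the question is displayed as the literal text the admin typed, which makes `audit` usable as a regression check for any template that prints stored FAQ fields.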
#POC
https://drive.google.com/file/d/1thIMmEOUPSDTThO8eouvnYnBtAn_oOiW/view?usp=sharing