GHSA-X7WH-G25G-53VG CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Stored DOM XSS via Blog Post Content Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized Blog Post Content in Blog Management Description The application fails to properly sanitize user-controlled input when creating or editing blog posts. An attacker...