Paragon Initiative Enterprises: Stored XSS in comments
Comments can contain an author's website. This website is used in the href attribute of link elements and isn't filtered. Thus it allows URLs like javascript:alert1 to be used. These URLs must be filtered by protocol, e.g. only allow http and https. These attacks are blocked by the default CSP, b...