Automattic: Stored XSS in learnboost.com via the lesson[goals] parameter.
Summary
---
learnboost.com is vulnerable to stored XSS via the lesson[goals] parameter.

Browsers Verified In
---
Mozilla Firefox 58.0b12 64-bit

PoC
---
The payload I used was: html Click F249206

```
POST /apps/lesson/update HTTP/1.1
Host: www.learnboost.com
User-Agent: Mozilla/5.0 X11; Linux x8664;...
```