Stored XSS - Blog Category

# Summary
 
This XSS vulnerability is different from the previously disclosed CVE-2023-29639 (blog article content) and CVE-2023-29636(blog article tile). This vulnerability occurs when adding blog categories, where the backend implementation lacks strict input validation, allowing XSS payloads to be inserted into the database. The frontend and backend output pages also lack proper encoding, leading to Stored XSS attacks. Additionally, this application has no CSRF protection, enabling attackers to exploit CSRF to trick admin users into adding blog category names containing malicious code.

# POC

- Capture the request and modify categoryName to XSS payload on the endpoint /admin/categories/save, then the malicious code will be stored in database.


<img width="1012" height="566" alt="Image" src="https://github.com/user-attachments/assets/3d22559e-e004-4715-8200-421b3417539f" />

### SINKS:
- Access to http://localhost:28083/admin/categories

<img width="2010" height="988" alt="Image" src="https://github.com/user-attachments/assets/90977325-a5e5-431d-9661-fed986c0bb99" />

- Access to http://localhost:28083/admin/blogs

<img width="2954" height="912" alt="Image" src="https://github.com/user-attachments/assets/6fc81d80-775e-46d1-9006-3ab262dc0d95" />

- Access to http://localhost:28083/index (any article use this Category)

<img width="1998" height="1084" alt="Image" src="https://github.com/user-attachments/assets/a4c17485-e938-49e7-ad7a-1226c101daed" />



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Stored XSS - Blog Category #146

Summary

POC

SINKS:

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Stored XSS - Blog Category #146

Description

Summary

POC

SINKS:

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions