N0boy-0 opened this issue a year ago · 0 comments
Articles published by the blog system can allow viewers to execute arbitrary javascript code.
The system did not encode the string submitted by the user, resulting in the execution of arbitrary javascript code.