Skip to main content

Stored XSS into HTML context with nothing encoded

1

Let's comment the following payload below the post:

<script>alert("1");</script>

Since this payload is stored on the page in the form of a comment it will be executed for every user that visits the page.

2

We have solved the lab.

3