Stored XSS

  Reported to Devo
  Reported by Haqtify
  High (7.1)
  $500
  Published 3 years ago
Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.


"><img src=x onerror=alert(1)>

Steps To Reproduce:

1. Go to Administration, then Role Management.

2. Create a “New Role” with the XSS payload.

3. Now click Delete. The XSS payload executes.
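
The fix for this class of bug is to encode the stored role name at output time. The following is an added example, not code from the report or from Devo: it renders a hypothetical delete control with and without encoding. The markup, the function names and the choice of an attribute plus text context are assumptions.

```javascript
// Added example: hypothetical template for a role "delete" control.
// Markup and function names are assumptions, not the vendor's code.

// Constructed sample: the role name stored in step 2 of the report.
const storedRoleName = '"><img src=x onerror=alert(1)>';

// Encode the characters that are significant in HTML text nodes and
// in quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the stored value is concatenated straight into an
// attribute value and a text node. The leading "> closes the attribute
// and the tag, so the rest is parsed as new markup.
function renderDeleteControlUnsafe(roleName) {
  return `<button class="delete" title="Delete ${roleName}">Delete ${roleName}</button>`;
}

// Hardened: identical markup, but the stored value is encoded on output,
// so the browser treats it as data in both contexts.
function renderDeleteControlSafe(roleName) {
  const safe = escapeHtml(roleName);
  return `<button class="delete" title="Delete ${safe}">Delete ${safe}</button>`;
}

// Count raw openings of a given tag in rendered HTML. Useful as a
// regression check that user data never introduces new elements.
function countTags(html, tag) {
  return (html.match(new RegExp(`<${tag}\\b`, 'gi')) || []).length;
}

console.log('unsafe:', renderDeleteControlUnsafe(storedRoleName));
console.log('safe:  ', renderDeleteControlSafe(storedRoleName));
console.log('img tags (unsafe):', countTags(renderDeleteControlUnsafe(storedRoleName), 'img'));
console.log('img tags (safe):  ', countTags(renderDeleteControlSafe(storedRoleName), 'img'));
```

Encoding belongs at the point of output because the value is stored once but may be rendered in several views, and any view that skips encoding reintroduces the flaw.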