02 - Stored XSS into HTML context with nothing encoded
Given XSS in comment
End goal call alert function
Start the lab , on home page open any given post. Scroll down to comments. In comment section write out xss payload which calls the alert function of javascript to give an alert popup.
Payload <script>alert(2)</script>

After submitting the comment we got an alert pop-up that means our payload get stored into the page and weh a user visits that page then our payload would get executed.

Lab solved :

(If you have any type of query / Question / suggestion .. feel free to ask below. We would be happy to connect you. Have a great day buddy!!)