02 - Stored XSS into HTML context with nothing encoded

This lab contains a stored cross-site scripting vulnerability in the comment functionality. To solve this lab, submit a comment that calls the alert function when the blog post is viewed.

Given - XSS in comment
End goal - call alert function

Start the lab , on hompage open any given post. Scroll down to comments. In comment section write the xss payload - <script>alert(2)</script>

An alert get popped up -

Lab solved :

Prev Next