Cross-Site Scripting (XSS) is a client-side code injection attack in which an attacker can execute malicious scripts in a website or web application. Stored Cross-Site Scripting affects web applications that allow users to store data, which can potentially expose their users to this type of attack. This server allows unauthenticated remote attackers to conduct stored cross-site scripting attacks due to improper validation, by the affected software, of user-supplied input with overly large comment text. A successful exploit could allow the attacker to execute arbitrary script and access sensitive browser-based information, such as authentication cookies, which could be used to launch further attacks.
The attacker can cause the following impacts:-
This vulnerability can be fixed by:-
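An added example, not taken from the affected software or from any vendor fix: a generic comment handler showing the two controls the description above points to, a size limit on stored comment text and HTML-encoding when the stored text is rendered. All function names, the in-memory store and the 2000-character limit are assumptions made for illustration.

```javascript
// Added example. Names and the limit are assumptions, not from the affected product.
const MAX_COMMENT_CHARS = 2000; // assumed limit for comment text

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can switch the browser out of text context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Validation at the storage boundary: type and size only.
// The text is stored as submitted; encoding is applied at output time.
function validateComment(text) {
  if (typeof text !== 'string') return { ok: false, reason: 'not-a-string' };
  if (text.trim().length === 0) return { ok: false, reason: 'empty' };
  if (text.length > MAX_COMMENT_CHARS) return { ok: false, reason: 'too-long' };
  return { ok: true };
}

const store = []; // in-memory stand-in for the comment table

function saveComment(text) {
  const result = validateComment(text);
  if (result.ok) store.push(text);
  return result;
}

// Vulnerable pattern: stored text is concatenated into markup as-is,
// so every visitor's browser parses it as HTML.
function renderCommentUnsafe(text) {
  return '<li class="comment">' + text + '</li>';
}

// Hardened pattern: stored text is encoded for the HTML body context.
function renderComment(text) {
  return '<li class="comment">' + escapeHtml(text) + '</li>';
}

function renderAll() {
  return store.map(renderComment).join('\n');
}

// Constructed sample inputs (not taken from any real report).
const SAMPLE_MARKUP = '<script>alert(1)</script>';
const SAMPLE_OVERSIZED = 'A'.repeat(MAX_COMMENT_CHARS + 1);
```

The length check alone does not stop script injection; it is the encoding in `renderComment` that keeps stored markup from being parsed as HTML.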