Stored XSS - Wine Review Comment
TaintedPort
Vuln ID
TP-010
Title
Stored XSS - Wine Review Comment
Severity
medium
Type
XSS
HTTP Method
POST
URL
/wines/:id/reviews
Parameter
comment
Filename
-
Code Location
frontend/app/wines/[id]/page.js line 395
Description
The review comment is stored without sanitization and rendered with dangerouslySetInnerHTML, so any HTML it contains is parsed by the browser instead of being shown as text. The payload executes in the browser of every visitor who loads the wine's review page, not only the author who posted it.
Proof of Concept
comment = <img src=x onerror=alert(document.cookie)>
Remediation
Render the comment as JSX text ({review.comment}), which React escapes on output, instead of passing it to dangerouslySetInnerHTML. If a markup subset must be preserved, sanitize with DOMPurify immediately before the sink; input filtering at the POST handler alone is not sufficient, since the stored value can reach other renderers.
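The sink and its fix, as an added example that is not TaintedPort's code. It models the review rendering as plain string functions so it runs in Node without React; the function names, the "before" JSX line and the CSS class are assumptions, and the sample comment is the PoC from this entry.

```javascript
// Added example (not TaintedPort's code): the TP-010 sink modelled without React.
// Function names and the class attribute are my own; the comment is the PoC above.

// Constructed sample: the PoC comment from the report.
const POC_COMMENT = '<img src=x onerror=alert(document.cookie)>';

// VULNERABLE: concatenating the stored comment straight into markup is what
// dangerouslySetInnerHTML={{ __html: review.comment }} does in page.js.
// The browser creates the <img>, the load fails, and onerror runs for every visitor.
function renderReviewUnsafe(comment) {
  return `<p class="review-comment">${comment}</p>`;
}

// Escape the characters that matter in HTML text and attribute context.
// This is what React does automatically for {review.comment} in JSX.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// FIXED: the comment becomes inert text; the page shows the literal
// "<img ...>" string and no element is created.
function renderReviewSafe(comment) {
  return `<p class="review-comment">${escapeHtml(comment)}</p>`;
}

// Crude check used only to show the difference between the two renderers:
// does the output contain a real tag carrying an on* event-handler attribute?
// Not a sanitizer; do not use it as one.
function hasEventHandlerTag(html) {
  return /<[a-z][^>]*\son\w+\s*=/i.test(html);
}

// Equivalent change in frontend/app/wines/[id]/page.js (JSX, shown as comments;
// the "before" line is the assumed form of the code at line 395):
//   before:  <p dangerouslySetInnerHTML={{ __html: review.comment }} />
//   after:   <p>{review.comment}</p>
// Only if a markup subset must survive, sanitize at the sink instead:
//   <p dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(review.comment) }} />

console.log(renderReviewUnsafe(POC_COMMENT));
console.log(renderReviewSafe(POC_COMMENT));
```

Escaping on output rather than stripping on input keeps the stored comment intact for other consumers (an API, an admin view) while guaranteeing that this renderer never hands the browser a tag.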