Stored XSS in the administrator’s panel due to misuse of MarkupSafe

Stored Cross-Site Scripting

Disclaimer: this exploitation was carried out in the legal context of a Bug Bounty program. The information in this article is disclosed with the agreement of pass Culture and only after a patch was deployed. The Bug Bounty program is not public; participation is only possible after contracting with YesWeHack and being invited by pass Culture.

https://www.aeth.cc/public/Article-Pass-Culture/stored-xss-article-en.html