Stored XSS in the administrator’s panel due to misuse of MarkupSafe

Stored Cross Site Scripting

Disclaimer: this exploitation was carried out in the legal context of a Bug Bounty. The information contained in this article is disclosed with the agreement of pass Culture and follows a patch. The Bug Bounty program is not public, and participation is only possible after contracting with YesWeHack and being invited by pass Culture.