1.Register a user
Register via the home registration button and go to the
select post article
2.post a new article
Then fill in the following payload in the title, description, content [source] to test
test<img src=x onerror=alert(document.cookie)>
3.Administrator review article
New users need to review articles when they are published. Administrators can log in to the background and the vulnerability can be triggered when new articles are reviewed. After the article is approved, the vulnerability continues to affect users at the front desk.