Stored XSS in ALBUM DESCRIPTION
Medium
Imgur
Team Summary
Official summary from Imgur
Album descriptions that take user-generated text typically have strong protections around XSS; however, the researcher was able to bypass this protection by adding unsafe text to the description field in a rarely accessed area of the site. This led to a reflected XSS which would trigger as soon as a user accessed the infected album.
Reported by: armaanpathan
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Submitted
Weakness: Cross-site Scripting (XSS) - Generic