XSS Vulnerability Discovered

[LifeHackerBee]

Description:
The stored XSS can be triggered once you editing content by using Redactor 3 in HTML Mode.

POC:

1. I pen-tested the official showcase website of Redactor 3: https://imperavi.com/redactor/, it has a demo editor in its front page.

Then, click the icon to use HTML content mode:

2.
inject XSS payload

3. XSS discovered!