Stored XSS into HTML context with nothing encoded

Stored XSS into HTML context with nothing encoded

Solution

Put XSS payload to blog post

Payload: <script>alert("hacked")</script>