Chaining Stored XSS and CSRF in Typemill CMS: A Deep Dive into Attribute Injection (opens in new tab)

How I bypassed frontend validation to inject malicious scripts into page metadata and steal admin sessions.