Stored XSS into HTML context with nothing encoded

Description

The website in this lab contains a stored cross-site scripting vulnerability in the comment functionality.

Reproduction and proof of concept

1. Enter the following into the comment box:

<script>alert('Hello World')</script>

2. Enter a name, email and website.

3. Click Post comment.

4. Go back to the blog.