Stored XSS on Edmodo

Hello everyone,
I believe sharing is caring, and I have been learning from multiple security researchers in the Infosec community. So here is the write-up of my recent finding.

The web application allows you to create a virtual library. 
In the library, you can add files, folder, links, quiz. 
And when a user adds the name to the folder with evil chars, it was sanitized correctly.

After hours of enumeration, I found another endpoint where only the folder name was getting reflected, and it was not correctly being sanitized.

Below are the steps to reproduce the stored XSS vulnerability:

1: Open Https://edmodo.com/library
2: Make a new folder
3: Input this payload “</title></head><body onload=alert(1)></body><! — “ in the name field.
4: Intercept the request and note down the [folder-id]
5: Open https://www.edmodo.com/folder/[folder-id], a pop-up will come.

Thanks, everyone for reading my write-up!

Thanks a lot, Chip for quick responses and cool swag.

About me:
https://twitter.com/rv0x00