Share
## https://sploitus.com/exploit?id=WPEX-ID:30635CC9-4415-48BB-9C67-EA670EA1B942
When adding new courses, the following fields can have XSS payloads like "><script>alert(1)</script> injected into them: 
- Course Settings > General > External Link field 
- Course Settings > Extra Information > Requirements field
- Course Settings > Extra Information > Target Audience field
- Course Settings > Extra Information > Key Features field
- Course Settings > Extra Information > FAQ Title field