## https://sploitus.com/exploit?id=WPEX-ID:33DDDAEC-A32A-4FCE-89D6-164565BE13E1
Edit a client ("OAuth Server > Clients) and put the following payload in the "Client ID" field: "><script>alert(/XSS/)</script>
The XSS will be triggered in the Clients list, as well as when editing the client
v4.2.1 added sanitisation, but no escaping, so a payload like " style=animation-name:rotation onanimationstart=alert(/XSS/)// would work as well (but only be triggered when editing the client)