Exploit for Hana Flv Player <= 3.1.3 - Authenticated Stored Cross-Site Scripting (XSS) CVE-2021-24302

Name: Exploit for Hana Flv Player <= 3.1.3 - Authenticated Stored Cross-Site Scripting (XSS) CVE-2021-24302
Rating: 5 (289 reviews)

2021-05-05 | CVSS 3.5

## https://sploitus.com/exploit?id=WPEX-ID:372A66CA-1C3C-4429-86A5-81DBDAA9EC7D
Step1: Install and activate the plugin. 

Step2: Go to the plugin setting.

Step3: Enter the following payload in the field "Default Skin"

xss"></td></tr></table><script>alert(1)</script><input type='text' name="hflv_skin" value="xss

Step4: Now the script is stored and whenever the user goes to the plugin the script will be executed.