Exploit for Events Made Easy < 2.2.24 - Admin+ Stored Cross-Site Scripting CVE-2021-24813

Name: Exploit for Events Made Easy < 2.2.24 - Admin+ Stored Cross-Site Scripting CVE-2021-24813
Rating: 5 (237 reviews)

2021-10-04 | CVSS 3.5

## https://sploitus.com/exploit?id=WPEX-ID:A1FE0783-7A88-4D75-967F-CEF970B73752
Add/Edit a Custom Field (/wp-admin/admin.php?page=eme-formfields) and put the following payload in the Field Name: a<script>alert(/XSS/)</script>

The XSS will be triggered when accessing some pages like Custom Field, Pending Bookings, Approved Bookings