Exploit for Login with Cognito < 1.4.9 - Admin+ Stored XSS CVE-2022-4200

Name: Exploit for Login with Cognito < 1.4.9 - Admin+ Stored XSS CVE-2022-4200
Rating: 5 (155 reviews)

2022-12-07 | CVSS 0.1

## https://sploitus.com/exploit?id=WPEX-ID:AC2E3FEA-E1E6-4D90-9945-D8434A00A3CF
1. Go to "Cognito Login » Configure OAuth", and add an application.

2. Then go to "Cognito Login » Attribute/Role Mapping" and in the Username add the payload: xss'"><script>alert(/XSS/);</script>"'

3. Click "Save settings" to check the XSS popup.