Exploit for miniOrange's Google Authenticator < 5.5.6 - Admin+ Stored Cross-Site Scripting CVE-2022-1321

Name: Exploit for miniOrange's Google Authenticator < 5.5.6 - Admin+ Stored Cross-Site Scripting CVE-2022-1321
Rating: 5 (76 reviews)

2022-06-06 | CVSS 3.5

## https://sploitus.com/exploit?id=WPEX-ID:B8784995-0DEB-4C83-959F-52B37881E05C
Enable 2FA + Website Security and put the following payload in the "Advanced Blocking" tab > "Block HTTP Referer's" section > “Add Referer" field: "><img src=x onerror=alert(/XSS/)>