Exploit for Hotjar Connecticator <= 1.1.1 - Authenticated Stored Cross-Site Scripting (XSS) CVE-2021-24301

Name: Exploit for Hotjar Connecticator <= 1.1.1 - Authenticated Stored Cross-Site Scripting (XSS) CVE-2021-24301
Rating: 5 (439 reviews)

2021-05-04 | CVSS 3.5

## https://sploitus.com/exploit?id=WPEX-ID:EB8E2B9D-F153-49C9-862A-5C016934F9AD
Step 1: Install and activate the plugin "Hotjar Connecticator"

Step 2: Now enter the following script on the "Hotjar script" text field.

abc</textarea><script>alert(xss)</script>

Step 3: Now we can see the script is stored and executed all the when we visit the website.