Cross site scripting

The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /admin-jobs.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to a...

Job Manager <= 0.7.22 - Unauthenticated Stored Cross-Site Scripting (XSS)

The Job Manager WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting XSS security vulnerability. PoC Go to the job listings page /index.php/jobs/apply/, then click on "send through your résumé", add the payload '" to the email field. The JavaScript will be executed on t...