Lucene search
WpvulndbWPVDB-ID:899AC304-B1AD-490B-8E85-FB0D9E444626HistoryOct 21, 2021 - 12:00 a.m.
Simple Job Board < 2.9.5 - Admin+ Stored Cross-Site Scripting
2021-10-2100:00:00
wpscan.com
11
0.001 Low
EPSS
Percentile
26.6%
The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $job_board_privacy_policy_label variable echo’d out via the ~/admin/settings/class-simple-job-board-settings-privacy.php file which allowed attackers with administrative user access to inject arbitrary web scripts. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
| CPE | Name | Operator | Version |
|---|---|---|---|
| simple-job-board | lt | 2.9.5 |
Related
cve
cve
CVE-2021-39328
2021-10-21 20:15:07
patchstack
patchstack
cvelist
cvelist
prion
prion
Cross site scripting
2021-10-21 20:15:00
nvd
nvd
CVE-2021-39328
2021-10-21 20:15:07
cnvd
cnvd
WordPress Cross-Site Scripting Vulnerability (CNVD-2021-83664)
2021-10-25 00:00:00