CVSS3: 5.4 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | REQUIRED |
Scope | CHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS2: 3.5 Low

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | SINGLE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

AV:N/AC:M/Au:S/C:N/I:P/A:N
The plugin did not sanitise or escape several of its parameters from the my-resume page before outputting them in the page, allowing low-privilege users to submit JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue.
Vulnerable parameter(s): &jobsearch_field_education_title[]=, &jobsearch_field_education_academy[]=, &jobsearch_field_experience_company[]=, &jobsearch_field_portfolio_title[]=, &jobsearch_field_portfolio_vurl[]=, &jobsearch_field_portfolio_url[]=, &jobsearch_field_skill_title[]=, &jobsearch_field_lang_title[]=.

PoC | Authenticated Persistent XSS | Candidate Profile:

```
POST /plugins/jobsearch/user-dashboard/?tab=my-resume HTTP/2
Cookie: [user cookies]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 1612

jobsearch_field_resume_cover_letter=PoC&candidate_cover_file=&get_cand_skills%5B%5D=1553&jobsearch_field_education_title%5B%5D=
```
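One way to close this class of bug, as an added example that is neither the plugin's code nor the vendor's patch: clean the array parameters named above when they are saved, and escape them again when they are printed. The function names and the sample input are hypothetical; inside WordPress, `sanitize_text_field()`, `esc_url_raw()`, `esc_html()` and `esc_url()` are the usual equivalents of the plain-PHP calls used here so that the script runs stand-alone.

```php
<?php
// Added example: field names are from the advisory; function names and the
// sample input are hypothetical and constructed for illustration.
const TEXT_FIELDS = ['jobsearch_field_education_title', 'jobsearch_field_education_academy',
    'jobsearch_field_experience_company', 'jobsearch_field_portfolio_title',
    'jobsearch_field_skill_title', 'jobsearch_field_lang_title'];
const URL_FIELDS = ['jobsearch_field_portfolio_vurl', 'jobsearch_field_portfolio_url'];

// Save side: keep string items only, drop tags and control characters.
function clean_text_list($raw): array {
    $out = [];
    foreach ((array) $raw as $item) {
        if (!is_string($item)) { continue; }   // rejects nested arrays
        $out[] = trim(preg_replace('/[\x00-\x1F\x7F]/', '', strip_tags($item)) ?? '');
    }
    return $out;
}

// Save side: accept only absolute http(s) URLs; anything else becomes ''.
function clean_url_list($raw): array {
    $out = [];
    foreach ((array) $raw as $item) {
        $url = is_string($item) ? trim($item) : '';
        $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
        $ok = in_array($scheme, ['http', 'https'], true)
            && filter_var($url, FILTER_VALIDATE_URL) !== false;
        $out[] = $ok ? $url : '';
    }
    return $out;
}

// Output side: encode for HTML text and quoted attribute values.
function e(string $v): string {
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request body standing in for $_POST.
$post = [
    'jobsearch_field_experience_company' => ['Acme & Sons <b>Ltd</b>', 'Q "Labs"'],
    'jobsearch_field_portfolio_url' => ['https://example.org/work?a=1&b=2', 'data:text/plain,hello'],
];
foreach (TEXT_FIELDS as $f) {
    foreach (clean_text_list($post[$f] ?? []) as $v) { echo '<li>' . e($v) . "</li>\n"; }
}
foreach (URL_FIELDS as $f) {
    foreach (clean_url_list($post[$f] ?? []) as $u) {
        if ($u !== '') { echo '<a href="' . e($u) . '">' . e($u) . "</a>\n"; }
    }
}
```

Escaping at output is the control that matters for values already stored by a vulnerable version; the save-side cleaning only protects new submissions.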
CPE

Name | Operator | Version |
---|---|---|
wp-jobsearch | lt | 1.7.4 |
careerfy | lt | 6.3.0 |