CVE | Category | Price | Severity |
---|---|---|---|
CVE-2020-19335 | CWE-79 | $500 | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Remote | 2019-04-22 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 0.02192 | 0.50148 |
```text
[+] :: Title: JobCareer | Job Board Responsive WordPress Theme v2.5 Stored XSS Injection
[+] :: Author: QUIXSS
[+] :: Date: 2019-04-22
[+] :: Software: JobCareer | Job Board Responsive WordPress Theme v2.5

[?] :: Technical Details & Description:
# Weak security measures like bad input field data filtering have been discovered in the JobCareer | Job Board Responsive WordPress Theme. The current version of this WordPress premium theme is 2.5.

[?] :: Demo Website:
# https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636
# Frontend: http://jobcareer.chimpgroup.com/

[!] :: Special Note:
# 6.026 Sales

[!] :: PoC Injection:
# http://jobcareer.chimpgroup.com/candidate/asdasdasdasdasd/

[+] :: PoC [Stored XSS Injection]:
# Register a new account on the demo website: http://jobcareer.chimpgroup.com/ (no email validation plus auto redirect after you submit the registration form). Then go to the Resume profile tab: http://jobcareer.chimpgroup.com/candidate-dashboard/?profile_tab=resume
# Some of the input fields are vulnerable to Stored XSS Injections due to bad XSS filtering. Press the + Add new link and use your payload only in the text editor area and only in the Source view (</> icon).
# Sample payload to bypass XSS filter:
<h1>QUIXSS</h1>"><script>alert('QUIXSS')</script>"><img src="x" onerror="alert('QUIXSS');">
```
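The advisory attributes the bug to missing filtering of the HTML a candidate can type into the resume editor's Source view. As an added illustration from the defensive side (this is not code from the theme, the advisory author, or WordPress), the Python sketch below implements an allowlist HTML sanitizer and runs it over the payload quoted in the advisory: the `<script>` element and the `onerror` handler are removed, stray quote and angle characters are entity-encoded, and harmless markup such as the `<h1>` survives. WordPress ships the equivalent server-side filter as `wp_kses()`, which is what a theme should apply to a rich-text field before storing it; the tag and attribute allowlists here are assumptions chosen for the example.

```python
"""Allowlist HTML sanitizer: the kind of filtering the advisory says is absent."""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: markup a resume editor plausibly needs. Anything else is stripped.
ALLOWED_TAGS = {"h1", "h2", "h3", "p", "br", "b", "i", "strong", "em", "ul", "ol", "li", "a"}
# Per-tag attribute allowlist. Event handlers (onerror, onload, ...) are never listed.
ALLOWED_ATTRS = {"a": {"href"}}
# Tags whose inner text is discarded together with the tag.
DROP_CONTENT_TAGS = {"script", "style"}
# Tags that take no closing tag.
VOID_TAGS = {"br"}


class AllowlistSanitizer(HTMLParser):
    """Re-serialises only allowlisted tags/attributes; all text is entity-encoded."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # >0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT_TAGS:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return  # unknown tag (e.g. <img>): drop the tag, keep any text inside it
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            # Only http(s) links: rejects javascript: and data: URLs in href.
            if name == "href" and urlparse(value or "").scheme not in ("http", "https"):
                continue
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT_TAGS:
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text nodes are always re-encoded, so a stray "> cannot break out of context.
        if not self.skip_depth:
            self.out.append(escape(data, quote=True))

    # Comments, doctypes and processing instructions fall through to HTMLParser's
    # no-op handlers and are therefore discarded.


def sanitize(html_source: str) -> str:
    """Return html_source reduced to the allowlisted markup."""
    parser = AllowlistSanitizer()
    parser.feed(html_source)
    parser.close()  # flush buffered text
    return "".join(parser.out)


# The sample payload quoted in the advisory above.
ADVISORY_PAYLOAD = """<h1>QUIXSS</h1>"><script>alert('QUIXSS')</script>"><img src="x" onerror="alert('QUIXSS');">"""

if __name__ == "__main__":
    print(sanitize(ADVISORY_PAYLOAD))
    # -> <h1>QUIXSS</h1>&quot;&gt;&quot;&gt;
```

The design point is that the sanitizer never tries to recognise "bad" strings; it rebuilds the document from an allowlist, so a bypass would have to be expressed entirely in permitted tags and attributes. Output encoding at render time is still required in addition to this storage-time filter.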