Advertisement






JobCareer | Job Board Responsive WordPress Theme v2.5 Stored XSS Injection

CVE Category Price Severity
CVE-2020-19335 CWE-79 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2019-04-22
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019040200

Below is a copy:

JobCareer | Job Board Responsive WordPress Theme v2.5 Stored XSS Injection
[+] :: Title: JobCareer | Job Board Responsive WordPress Theme v2.5 Stored XSS Injection
[+] :: Author: QUIXSS
[+] :: Date: 2019-04-22
[+] :: Software: JobCareer | Job Board Responsive WordPress Theme v2.5
  
[?] :: Technical Details & Description:
# Weak security measures like bad input fields data filtering has been discovered in the JobCareer | Job Board Responsive WordPress Theme. Current version of this WordPress premium theme is 2.5.

[?] :: Demo Website:
# https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636
# Frontend: http://jobcareer.chimpgroup.com/

[!] :: Special Note:
# 6.026 Sales

[!] :: PoC Injection:
# http://jobcareer.chimpgroup.com/candidate/asdasdasdasdasd/

[+] :: PoC [Stored XSS Injection]:
# Register a new account on the demo website: http://jobcareer.chimpgroup.com/ (no email validation plus auto redirect after u submit the registration form). Then go to the Resume profile tab: http://jobcareer.chimpgroup.com/candidate-dashboard/?profile_tab=resume
# Some ot input fields are vulnerable for Stored XSS Injections due to bad XSS filtering. Press the + Add new link and use your payload only in the text editor area and only in the Source view (</> icon).
# Sample payload to bypass XSS filter: <h1>QUIXSS</h1>"><script>alert('QUIXSS')</script>"><img src="x" onerror="alert('QUIXSS');">

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.