Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitVeshraj GhimireWPEX-ID:7569F4AC-05C9-43C9-95E0-5CC360524BBD
HistoryDec 09, 2022 - 12:00 a.m.

Superio - Job Board < 1.2.33 - Subscriber+ Stored Cross-Site Scripting

2022-12-0900:00:00
Veshraj Ghimire
63
superio job board
stored cross-site scripting
candidate
recruiter
social network
alert trigger

EPSS

0.001

Percentile

25.3%

JSON

The theme does not sanitise and escape some parameters, which could allow users with a role as low as a subscriber to perform Stored Cross-Site Scripting attacks.

As a candidate, add the following payload on the Social Network option: javascript:alert(1)

As a recruiter, access the candidate page and click on the Social Network icon to see the payload trigger the alert.

Related

cve 1
cvelist 1
nvd 1
prion 1
wpvulndb 1
cve
cve
CVE-2022-4114
2023-01-02 22:15:16
cvelist
cvelist
CVE-2022-4114 Superio - Job Board < 1.2.33 - Subscriber+ Stored Cross-Site Scripting
2023-01-02 21:49:27
nvd
nvd
CVE-2022-4114
2023-01-02 22:15:16
prion
prion
Cross site scripting
2023-01-02 22:15:00
wpvulndb
wpvulndb
Superio - Job Board < 1.2.33 - Subscriber+ Stored Cross-Site Scripting
2022-12-09 00:00:00

EPSS

0.001

Percentile

25.3%

JSON
Related for WPEX-ID:7569F4AC-05C9-43C9-95E0-5CC360524BBD
cve1cvelist1nvd1prion1wpvulndb1