wpvulndb | Veshraj Ghimire | WPVDB-ID: 7569F4AC-05C9-43C9-95E0-5CC360524BBD
History: Dec 09, 2022 - 12:00 a.m.

Superio - Job Board < 1.2.33 - Subscriber+ Stored Cross-Site Scripting

2022-12-09 00:00:00 | Veshraj Ghimire | wpscan.com
Tags: superio job board, version 1.2.33, stored cross-site scripting, vulnerability, low role users, xss attacks, security flaw

EPSS: 0.001 (percentile 25.3%)

The theme does not sanitise and escape some parameters, which could allow users with a role as low as a subscriber to perform Stored Cross-Site Scripting attacks.

PoC

As a candidate, enter the following payload in the Social Network option: javascript:alert(1). Then, as a recruiter, open the candidate's page and click the Social Network icon; the payload triggers the alert.
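The root cause is a user-supplied URL that is written straight into an href. The following added example (not the theme's code) contrasts that pattern with a hardened one; sanitize_profile_url() is a hypothetical stand-in for WordPress's esc_url(), which likewise rejects non-allowlisted schemes such as javascript:.

```php
<?php
// Added example: vulnerable vs. hardened rendering of a profile "Social Network" URL.
// sanitize_profile_url() is a hypothetical helper; in a WordPress theme you would
// call esc_url() on output instead, which performs the same scheme allowlisting.

const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];

/** Vulnerable pattern: the stored value lands in href with no validation or escaping. */
function render_social_link_vulnerable(string $url): string {
    return '<a href="' . $url . '">Social Network</a>';
}

/**
 * Return the URL unchanged if it has no scheme (relative link) or an allowlisted
 * scheme; return '' for anything else (javascript:, data:, vbscript:, ...).
 */
function sanitize_profile_url(string $url): string {
    $url = trim($url);
    // Browsers ignore control characters and whitespace inside a scheme, so strip
    // them before checking; otherwise "java\tscript:" would slip past the test.
    $probe = preg_replace('/[\x00-\x20]+/', '', $url);
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $probe, $m)) {
        if (!in_array(strtolower($m[1]), ALLOWED_SCHEMES, true)) {
            return '';
        }
    }
    return $url;
}

/** Hardened pattern: validate the scheme, then escape for an HTML attribute context. */
function render_social_link_safe(string $url): string {
    $clean = sanitize_profile_url($url);
    if ($clean === '') {
        return '';  // drop the link rather than emit an attacker-controlled href
    }
    $escaped = htmlspecialchars($clean, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<a href="' . $escaped . '" rel="noopener">Social Network</a>';
}

// Constructed inputs: the advisory's payload, a benign profile URL and a relative path.
$inputs = ['javascript:alert(1)', 'https://example.com/profile', '/members/42'];
foreach ($inputs as $in) {
    echo "vulnerable: " . render_social_link_vulnerable($in) . "\n";
    echo "safe:       " . render_social_link_safe($in) . "\n\n";
}
```

Running it shows the javascript: entry emitted verbatim by the vulnerable renderer and dropped by the hardened one, while the two ordinary links pass through escaped.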

