Lucene search
WpvulndbWPVDB-ID:8DDF81F6-B0BE-4F66-B9D7-589B83950E46HistoryOct 15, 2021 - 12:00 a.m.
Indeed Job Importer <= 1.0.5 - Admin+ Stored Cross-Site Scripting
2021-10-1500:00:00
wpscan.com
7
plugin
cross-site scripting
input validation
sanitization
administrative access
multi-site installation
unfiltered_html
EPSS
0.001
Percentile
26.9%
The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/indeed-job-importer/trunk/indeed-job-importer.php file which allowed attackers with administrative user access to inject arbitrary web scripts. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
Related
patchstack
patchstack
prion
prion
Cross site scripting
2021-10-19 15:15:00
nvd
nvd
CVE-2021-39355
2021-10-19 15:15:07
cve
cve
CVE-2021-39355
2021-10-19 15:15:07
cvelist
cvelist