.. | |||
README.md | Loading last commit info... |
README.md
JobMonster < 4.5.2.9 - Unauthenticated Reflected Cross-Site Scripting
Description
In the theme JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests.
Note (WPScanTeam): It's unclear which exact version fixed the issue, but the lowest we were able to test and confirm remediation was 4.5.2.9.
Proof of Concept
https://example.com/resumes/?s=%22%3E%3Cimg+src%3Dx+onerror%3Dalert(1)%3E