CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1166 – JobMonster < 4.6.6.1 - Directory Listing in Upload Folder
https://notcve.org/view.php?id=CVE-2022-1166
11 Sep 2020 — The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the web server, vendors can also take measures to make it less likely to happen. El tema JobMonster era vulnerable a un Listado de Directorios en la carpeta /wp-content/uploads/jobmonster/, ya que no incluía un archivo PH... • https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1170 – JobMonster < 4.5.2.9 - Unauthenticated Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1170
24 Oct 2019 — In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests. En el tema Noo JobMonster de WordPress versiones anteriores a 4.5.2.9, JobMonster se presenta una vulnerabilidad de tipo XSS como la entrada para el formulario de búsqueda es proporcionada mediante peticiones GET sin sanear • https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •