CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24421 – WP JobSearch < 1.7.4 - Authenticated Stored XSS
https://notcve.org/view.php?id=CVE-2021-24421
The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue El plugin WP JobSearch de WordPress versiones anteriores a 1.7.4, no saneaba o escapaba de varios de sus parámetros de la página my-resume antes de mostrarlos en la página, permitiendo a usuarios pocos privilegiados usar cargas útiles de JavaScript en ellos y conllevando a un problema de tipo Cross-Site Scripting Almacenado • https://m0ze.ru/vulnerability/%5B2021-05-19%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-JobSearch-WordPress-Plugin-v1.7.3.txt https://wpscan.com/vulnerability/b378d36d-66d9-4373-a628-e379e4766375 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1168 – JobSearch < 1.5.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-1168
There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1. Se presenta una vulnerabilidad de tipo Cross-Site Scripting en el plugin JobSearch WP JobSearch de WordPress versiones anteriores a 1.5.1 There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1 via search_title parameter. • https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856 https://wpscan.com/vulnerability/bcf38e87-011e-4540-8bfb-c93443a4a490 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •