CVE-2022-1169 – Careerfy < 3.9.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)

https://notcve.org/view.php?id=CVE-2022-1169

There is a XSS vulnerability in Careerfy. Se presenta una vulnerabilidad de tipo XSS en Careerfy The Careerfy theme plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to 3.9.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. • https://themeforest.net/item/careerfy-job-board-wordpress-theme/21137053 https://wpscan.com/vulnerability/f3a1dcad-528a-4ecc-ac8e-728caa7c9878 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •