Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the `query` and `id` parameters of the `wpjb-email`, `wpjb-job`, `wpjb-application`, and `wpjb-membership` modules. Remote attackers are able to inject malicious script code to hijack admin session credentials via the backend, or to manipulate the backend on client-side performed requests. The attack vector is non-persistent and the request method to inject is GET. The attacker does not need a privileged user account to perform a successful exploitation.
References
Link | Resource |
---|---|
https://www.vulnerability-lab.com/get_content.php?id=1941 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:23:35
Updated: 2022-10-03T16:23:35
Reserved: 2022-10-03T00:00:00
Link: CVE-2017-15375
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-10-16T04:29:00.407
Modified: 2017-11-06T18:28:11.403
Link: CVE-2017-15375
JSON object: View
Redhat Information
No data.
CWE