Cross-site scripting in WPJobBoard - CVE-2017-15375

 


Published: October 16, 2017 / Updated: August 8, 2020


Vulnerability identifier: #VU38067
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-15375
CWE-ID: CWE-79
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: WPJobBoard
Affected software:
WPJobBoard

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple client-side cross-site scripting vulnerabilities have been discovered in the WPJobBoard v4.5.1 web application for WordPress. The vulnerabilities are located in the `query` and `id` parameters of the `wpjb-email`, `wpjb-job`, `wpjb-application`, and `wpjb-membership` modules. Remote attackers are able to inject malicious script code to hijack admin session credentials via the backend, or to manipulate the backend through requests performed on the client side. The attack vector is non-persistent and the injection uses the GET request method. The attacker does not need a privileged user account for successful exploitation.
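
A log check for the request pattern described above, as an added example that is not part of the original advisory or the vendor's code. It assumes combined-format access logs and that the affected modules are selected through the WordPress admin `page` parameter; the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Module and parameter names are taken from the advisory text.
MODULES = {"wpjb-email", "wpjb-job", "wpjb-application", "wpjb-membership"}
PARAMS = ("query", "id")
# Markup characters and script triggers a search term or record id does not need.
SUSPICIOUS = re.compile(r'[<>"]|javascript:|\bon\w+\s*=', re.I)
# Request field of a combined-format access log line.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines. Assumption: modules are selected with the
# WordPress admin "page" parameter.
PREFIX = '203.0.113.7 - - [16/Oct/2017:10:00:01 +0000] "GET /wp-admin/admin.php?page='
SAMPLE_LOG = [
    PREFIX + 'wpjb-job&query=developer HTTP/1.1" 200 5120',
    PREFIX + 'wpjb-job&query=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5200',
    PREFIX + 'wpjb-application&id=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 4800',
    PREFIX + 'other-plugin&query=%3Cb%3E HTTP/1.1" 200 100',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding such as %253C -> %3C -> <."""
    for _ in range(rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value

def flag_line(line):
    """Return (module, parameter, decoded value) for a suspicious GET, else None."""
    m = REQUEST.search(line)
    if not m or m.group("method") != "GET":
        return None
    params = parse_qs(urlsplit(m.group("target")).query, keep_blank_values=True)
    module = next((p for p in params.get("page", []) if p in MODULES), None)
    if module is None:
        return None
    for name in PARAMS:
        for raw in params.get(name, []):
            value = fully_decode(raw)  # parse_qs already removed one layer
            if SUSPICIOUS.search(value):
                return module, name, value
    return None

if __name__ == "__main__":
    for hit in filter(None, map(flag_line, SAMPLE_LOG)):
        print("suspicious %s request: %s=%r" % hit)
```

A hit only shows that markup was sent in one of the affected parameters; correlate it with the admin session that issued the request and with the installed plugin version before treating it as an incident.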


How to mitigate CVE-2017-15375

Install update from vendor's website.
