6.1
CVE-2022-1167
- EPSS 1.1%
- Veröffentlicht 04.04.2022 16:15:10
- Zuletzt bearbeitet 21.11.2024 06:40:10
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginCareerUp < 2.3.1 - Unauthenticated Reflected Cross-Site Scripting
CareerUp < 2.3.1 - Reflected Cross-Site Scripting
There are unauthenticated reflected Cross-Site Scripting (XSS) vulnerabilities in CareerUp Careerup WordPress theme before 2.3.1, via the filter parameters.
Mögliche Gegenmaßnahme
CareerUp - Job Board WordPress Theme: Update to version 2.3.1, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apusthemes ≫ Careerup SwPlatformwordpress Version < 2.3.1
Weitere Schwachstelleninformationen
SystemWordPress Theme
≫
Produkt
CareerUp - Job Board WordPress Theme
Version
[*, 2.3.1)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.1% | 0.614 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://m0ze.ru/vulnerability/%5B2020-06-17%5D-%5BWordPress%5D-%5BCWE-79%5D-CareerUp-WordPress-Theme-v2.3.0.txt
https://themeforest.net/item/careerup-job-board-wordpress-theme/24002090
https://wpscan.com/vulnerability/a30a1430-c474-4cd1-877c-35c4ab624170
https://www.wordfence.com/threat-intel/vulnerabilities/id/7a4ef9e6-2299-4024-a6a9-482199ca06db