Submit #183122: JobSeeker 1.5 - Reflected XSSinfo

TitelJobSeeker 1.5 - Reflected XSS
Beschreibung# Exploit Title: JobSeeker 1.5 - Reflected XSS # Exploit Author: skalvin aka (CraCkEr) # Date: 15/07/2023 # Vendor: phpscriptpoint # Vendor Homepage: https://phpscriptpoint.com/ # Software Link: https://demo.phpscriptpoint.com/jobseeker/ # Tested on: Windows 10 Pro # Impact: Manipulate the content of the site ## Description The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials Path: /jobseeker/search-result.php GET parameter 'kw' is vulnerable to RXSS GET parameter 'lc' is vulnerable to RXSS GET parameter 'ct' is vulnerable to RXSS GET parameter 'cp' is vulnerable to RXSS GET parameter 'p' is vulnerable to RXSS https://website/jobseeker/search-result.php?kw=[XSS]&lc=[XSS]&ct=[XSS]&cp=[XSS]&p=[XSS] [-] Done
Benutzer
 skalvin (UID 49463)
Einreichung15.07.2023 21:54 (vor 3 Jahren)
Moderieren23.07.2023 15:03 (8 days later)
StatusAkzeptiert
VulDB Eintrag235207 [phpscriptpoint JobSeeker 1.5 /search-result.php kw/lc/ct/cp/p Cross Site Scripting]
Punkte17

ZurückÜbersichtWeiter

Want to know what is going to be exploited?

We predict KEV entries!