Submeter #183122: JobSeeker 1.5 - Reflected XSSinformação

TítuloJobSeeker 1.5 - Reflected XSS
Descrição# Exploit Title: JobSeeker 1.5 - Reflected XSS # Exploit Author: skalvin aka (CraCkEr) # Date: 15/07/2023 # Vendor: phpscriptpoint # Vendor Homepage: https://phpscriptpoint.com/ # Software Link: https://demo.phpscriptpoint.com/jobseeker/ # Tested on: Windows 10 Pro # Impact: Manipulate the content of the site ## Description The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials Path: /jobseeker/search-result.php GET parameter 'kw' is vulnerable to RXSS GET parameter 'lc' is vulnerable to RXSS GET parameter 'ct' is vulnerable to RXSS GET parameter 'cp' is vulnerable to RXSS GET parameter 'p' is vulnerable to RXSS https://website/jobseeker/search-result.php?kw=[XSS]&lc=[XSS]&ct=[XSS]&cp=[XSS]&p=[XSS] [-] Done
Utilizador
 skalvin (UID 49463)
Submissão15/07/2023 21h54 (há 3 anos)
Moderação23/07/2023 15h03 (8 days later)
EstadoAceite
Entrada VulDB235207 [phpscriptpoint JobSeeker 1.5 /search-result.php kw/lc/ct/cp/p Script de Site Cruzado]
Pontos17

VoltarVisão GeralPróximo

Want to know what is going to be exploited?

We predict KEV entries!