CVE-2021-24421

CVE-2021-24421: WP JobSearch < 1.7.4 - Authenticated Stored XSS

Vendor Unknown
Product WP JobSearch
Weakness CWE-79 · XSS
Published July 12, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue

Key dates

02Disclosure timeline

July 12, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE