ByteOS Network

nicejob

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2024-54318

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.05% / 16.57%

7 Day CHG+0.01%

Published-13 Dec, 2024 | 14:25

Updated-13 Dec, 2024 | 16:15

WordPress NiceJob plugin <= 3.6.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicejob NiceJob allows Stored XSS.This issue affects NiceJob: from n/a through 3.6.5.

Vendor-nicejob

Product-NiceJob

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-10887

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-6.4||MEDIUM

EPSS-0.12% / 30.99%

7 Day CHG~0.00%

Published-13 Nov, 2024 | 02:02

Updated-13 Nov, 2024 | 17:01

NiceJob <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The NiceJob plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes (nicejob-lead, nicejob-review, nicejob-engage, nicejob-badge, nicejob-stories) in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vendor-nicejob

Product-NiceJob

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')