CVE-2017-15375 — MEDIUM (6.1)

Vulnerability Description

Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the `query` and `id` parameters of the `wpjb-email`, `wpjb-job`, `wpjb-application`, and `wpjb-membership` modules. Remote attackers are able to inject malicious script code to hijack admin session credentials via the backend, or to manipulate the backend on client-side performed requests. The attack vector is non-persistent and the request method to inject is GET. The attacker does not need a privileged user account to perform a successful exploitation.

CVSS Score

6.1

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Wpjobboard	Wpjobboard	4.5.1

Related Weaknesses (CWE)

CWE-79

References

https://www.vulnerability-lab.com/get_content.php?id=1941ExploitThird Party Advisory
https://www.vulnerability-lab.com/get_content.php?id=1941ExploitThird Party Advisory

FAQ

What is CVE-2017-15375?

CVE-2017-15375 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the `query` and `id` parameter...

How severe is CVE-2017-15375?

CVE-2017-15375 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-15375?

Check the references section above for vendor advisories and patch information. Affected products include: Wpjobboard Wpjobboard.