PT-2018-12930 · Php Scripts Mall · Myperfectresume / Jobhero / Resume Clone Script

Published

2018-08-09

Updated

2018-10-11

CVE-2018-15183

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions PHP Scripts Mall Myperfectresume / JobHero / Resume Clone Script version 2.0.6

Description The issue concerns a Stored XSS flaw that can be triggered via the Full Name and Title fields.

Recommendations For version 2.0.6, update to a newer version that contains a fix for this issue, or as a temporary workaround, consider validating and sanitizing user input for the Full Name and Title fields to prevent malicious code injection.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-15183

Affected Products

Myperfectresume / Jobhero / Resume Clone Script

PT-2018-12930 · Php Scripts Mall · Myperfectresume / Jobhero / Resume Clone Script

CVE-2018-15183

Weakness Enumeration

Related Identifiers

Affected Products

References · 3