PT-2021-23869 · Unknown · Google For Jobs

Georg Ringer

Published

2021-11-10

Updated

2021-11-16

CVE-2021-43561

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions google for jobs extension versions prior to 1.5.1 google for jobs extension versions 2.x prior to 2.1.1

Description An issue was discovered in the google for jobs extension where it fails to properly encode user input for output in HTML context, leading to a potential exploit. A TYPO3 backend user account is required to exploit this issue.

Recommendations For versions prior to 1.5.1, update to version 1.5.1 or later. For versions 2.x prior to 2.1.1, update to version 2.1.1 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-43561

GHSA-HFM8-2Q22-H7HV

Affected Products

Google For Jobs

PT-2021-23869 · Unknown · Google For Jobs

CVE-2021-43561

Weakness Enumeration

Related Identifiers

Affected Products

References · 6