CVE-2022-1170
MEDIUM NUCLEINoo JobMonster < 4.5.2.9 - Cross-Site Scripting via Search Form Input
Title source: llmExploitation Summary
CVE-2022-1170 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests.
Nuclei Templates (1)
JobMonster < 4.5.2.9 - Cross-Site Scripting
MEDIUMVERIFIEDby Akincibor,ritikchaddha
Shodan:
http.html:/wp-content/themes/noo-jobmonster
FOFA:
body=/wp-content/themes/noo-jobmonster
References (2)
Core 2
Core References
Product, Third Party Advisory x_refsource_misc
https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/2ecb18e6-b575-4a20-bd31-94d24f1d1efc
Scores
CVSS v3
6.1
EPSS
0.0180
EPSS Percentile
75.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
nootheme/jobmonster
< 4.5.2.9
Published
Apr 04, 2022
Tracked Since
Feb 18, 2026