CVE-2022-1170

MEDIUM NUCLEI

Nootheme Jobmonster < 4.5.2.9 - XSS

Title source: rule

Description

In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests.

Nuclei Templates (1)

JobMonster < 4.5.2.9 - Cross-Site Scripting

MEDIUMVERIFIEDby Akincibor,ritikchaddha

Shodan: http.html:/wp-content/themes/noo-jobmonster

FOFA: body=/wp-content/themes/noo-jobmonster

References (2)

[Product, Third Party Advisory] https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/2ecb18e6-b575-4a20-bd31-94d24f1d1efc

Scores

CVSS v3 6.1

EPSS 0.0093

EPSS Percentile 76.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

nootheme/jobmonster < 4.5.2.9

Published Apr 04, 2022

Tracked Since Feb 18, 2026