A vulnerability was found in code-projects Job Recruitment 1.0. It has been classified as problematic. Affected is the function fln_update of the file /_parse/_all_edits.php. The manipulation of the argument fname/lname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Link | Tags |
---|---|
https://vuldb.com/?id.289356 | third party advisory technical description vdb entry |
https://vuldb.com/?ctiid.289356 | vdb entry signature permissions required |
https://vuldb.com/?submit.469181 | third party advisory exploit vdb entry |
https://github.com/705298066/cve/blob/main/xss-2.md | third party advisory exploit |
https://code-projects.org/ | product |