SmartJobBoard – Cross-site scripting, personal information disclosure and PHPMailer package

Posted by Patrick Webster via Fulldisclosure on Apr 04

https://www.osisecurity.com.au/smartjobboard—cross-site-scripting-personal-information-disclosure-and-phpmailer-package.html

Date:
04-Apr-2017

Product:
SmartJobBoard

Versions affected:
v5.0.9 and below.

Vulnerability:

1) Cross-site scripting vulnerabilities in the following locations and
parameters:

/add-listing/ [proceed_to_posting parameter]
/add-listing/ [productSID parameter]
/add-listing/Resume/General/ [productSID parameter]…

Leave a Reply