JobCareer | Job Board Responsive WordPress Theme 2.5 – Stored XSS

Proof of Concept Register a new account on the demo website: , then go to the «Resume» profile tab: . Some of input fields are vulnerable for Stored XSS Injections due to bad XSS filtering. Press the «+ Add new» link and use your payload only in the text editor area and only in the «Source» view (</> icon). Sample payload to bypass XSS filter: <h1>QUIXSS</h1>"><script>alert('QUIXSS')</script>"><img src="x" onerror="alert('QUIXSS');">