JobCareer | Job Board Responsive WordPress Theme v2.5 Stored XSS Injection

Proof of Concept
http://jobcareer.chimpgroup.com/candidate/asdasdasdasdasd/

Register a new account on the demo website (http://jobcareer.chimpgroup.com/), then go to the «Resume» profile tab: http://jobcareer.chimpgroup.com/candidate-dashboard/?profile_tab=resume

Some of the input fields are vulnerable to stored XSS injection because of weak XSS filtering. Press the «+ Add new» link and use your payload only in the text editor area and only in the «Source» view (</> icon).

Sample payload to bypass the XSS filter:

<h1>QUIXSS</h1>"><script>alert('QUIXSS')</script>"><img src="x" onerror="alert('QUIXSS');">
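
Because the affected field is a rich-text editor, the fix is an allowlist filter rather than blanket escaping. The following is an added example of that handling with WordPress's wp_kses(), not code from the JobCareer theme; it assumes it runs inside WordPress, and every "example_" function name is hypothetical.

```php
<?php
// Added example; runs inside WordPress (a plugin or the theme's functions.php).
// Every "example_" name is hypothetical, not taken from the JobCareer theme.

// Tags a resume description may keep. Any tag not listed, and any attribute
// not listed (which covers all on* event handlers), is stripped by wp_kses().
function example_resume_allowed_html() {
    return array(
        'h1' => array(), 'h2' => array(), 'h3' => array(),
        'p'  => array(), 'br' => array(),
        'strong' => array(), 'em' => array(),
        'ul' => array(), 'ol' => array(), 'li' => array(),
        'a'  => array( 'href' => true, 'title' => true ),
    );
}

// Call on the submitted editor content before it is stored.
function example_sanitize_resume_html( $raw ) {
    return wp_kses(
        wp_unslash( $raw ),
        example_resume_allowed_html(),
        array( 'http', 'https', 'mailto' ) // URL schemes allowed in href
    );
}

// Call when rendering: filter again so rows stored before the fix are covered.
function example_render_resume_html( $stored ) {
    echo wp_kses( $stored, example_resume_allowed_html(), array( 'http', 'https', 'mailto' ) );
}

// Regression check that feeds the sample payload shown above to the filter.
function example_resume_filter_selftest() {
    $payload = <<<'HTML'
<h1>QUIXSS</h1>"><script>alert('QUIXSS')</script>"><img src="x" onerror="alert('QUIXSS');">
HTML;
    $clean = example_sanitize_resume_html( $payload );
    // No script or img tag and no event handler may survive; the h1 must.
    return false === stripos( $clean, '<script' )
        && false === stripos( $clean, '<img' )
        && false === stripos( $clean, 'onerror' )
        && false !== stripos( $clean, '<h1>QUIXSS</h1>' );
}
```

wp_kses() removes the disallowed tags but keeps the text that was between the script tags, so that text is displayed as inert characters instead of being executed.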