Cross-site Scripting Vulnerability in PickPlugins Job Board Manager
CVE-2025-22679
7.1HIGH
Key Information:
- Vendor
- Pickplugins
- Status
- Job Board Manager
- Vendor
- CVE Published:
- 3 February 2025
Summary
A Cross-site Scripting (XSS) vulnerability exists in the PickPlugins Job Board Manager, allowing attackers to inject malicious scripts into web pages. This flaw can lead to reflected XSS attacks, potentially compromising user data and session integrity. Affected versions range from n/a to 2.1.60, making users vulnerable to exploitation unless patched.
Affected Version(s)
Job Board Manager <= 2.1.60
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
0xd4rk5id3 (Patchstack Alliance)