CVE-2025-52798 — Cross-site Scripting in Jobsearch

CWE-79 — Cross-site Scripting CWE-1333 — Regex Denial of Service4 documents4 sources

Severity

7.7HIGH

No vector

EPSS

0.1%

top 84.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Eyecix Jobsearch

Timeline

PublishedJul 4

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through < 3.0.6.

Affected Packages1 packages

▶CVEListV5eyecix/jobsearch3.0.6

🔴Vulnerability Details

CVEList

WordPress JobSearch plugin < 3.0.6 - Reflected Cross Site Scripting (XSS) Vulnerability↗2025-07-04

▶

GHSA

GHSA-h5qw-r6gw-wg6w: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch allows Reflected XSS↗2025-07-04

▶

📋Vendor Advisories

Microsoft

path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x↗2024-12-10

▶