PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-57368 NooTheme CVE debrief

CVE-2026-57368 is a Cross-site Scripting vulnerability in Jobmonster theme version 4.8.5 or earlier. The CVE record was published on 2026-07-13T10:16:30.100Z and has not been modified since then. The vulnerability class is Improper Neutralization of Input During Web Page Generation. Likely operational impact includes Reflected XSS attacks. Source-confidence limits suggest further verification is needed.

Vendor
NooTheme
Product
Jobmonster
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Users of Jobmonster theme version 4.8.5 or earlier should be aware of this vulnerability. Affected operators, platforms, and security teams should review and apply vendor remediation or patch. Vulnerability management and security teams should prioritize this issue due to its high severity.

Technical summary

CVE-2026-57368 is an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS. This issue affects Jobmonster: from n/a through <= 4.8.5. The vulnerability has a high CVSS score of 7.1, indicating high severity.

Defensive priority

High priority due to high CVSS score of 7.1 and potential for Reflected XSS attacks.

Recommended defensive actions

  • Inventory and verify affected Jobmonster theme versions
  • Apply vendor remediation or patch
  • Implement compensating controls such as web application firewalls
  • Monitor for suspicious activity
  • Exception tracking and retest

Evidence notes

Evidence is limited. Primary official records indicate a Cross-site Scripting vulnerability in Jobmonster theme version 4.8.5 or earlier. The vulnerability allows Reflected XSS. Users should verify the affected scope and apply vendor remediation or patch. Limited source detail suggests defensive verification tasks are needed.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:30.100Z and has not been modified since then.