exploitDog

GHSA-c53q-wg6w-6jm7

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.6.11.2 allow remote attackers to inject arbitrary web script or HTML via the (1) uniqcode or (2) isAdmin parameter to index.php; or the (3) PATH_INFO to lib/controllers/centralcontroller.php.

Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.6.11.2 allow remote attackers to inject arbitrary web script or HTML via the (1) uniqcode or (2) isAdmin parameter to index.php; or the (3) PATH_INFO to lib/controllers/centralcontroller.php.

Ссылки

EPSS

Процентиль: 91%

0.065

Низкий

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2011-5258

nvd

почти 13 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.6.11.2 allow remote attackers to inject arbitrary web script or HTML via the (1) uniqcode or (2) isAdmin parameter to index.php; or the (3) PATH_INFO to lib/controllers/centralcontroller.php.

CVE-2011-5258

debian

почти 13 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM befor ...

EPSS

Процентиль: 91%

0.065

Низкий

CVE ID

Дефекты

CWE-79