exploitDog

GHSA-fmgv-52p5-c3v2

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting (XSS) on multiple pages: hr/subscription.jsp and hr/application.jsp and and hr/index.jsp (with view= and data=).

openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting (XSS) on multiple pages: hr/subscription.jsp and hr/application.jsp and and hr/index.jsp (with view= and data=).

Ссылки

EPSS

Процентиль: 77%

0.01089

Низкий

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-38583

CVSS3: 6.1

nvd

больше 4 лет назад

openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting (XSS) on multiple pages: hr/subscription.jsp and hr/application.jsp and and hr/index.jsp (with view= and data=).

EPSS

Процентиль: 77%

0.01089

Низкий

CVE ID

Дефекты

CWE-79