CVE-2019-11032

Опубликовано: 24 апр. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

In EasyToRecruit (E2R) before 2.11, the upload feature and the Candidate Profile Management feature are prone to Cross Site Scripting (XSS) injection in multiple locations.

Ссылки

https://www.excellium-services.com/cert-xlm-advisory/
Third Party Advisory
https://www.excellium-services.com/cert-xlm-advisory/cve-2019-11032/
Third Party Advisory
https://www.excellium-services.com/cert-xlm-advisory/
Third Party Advisory
https://www.excellium-services.com/cert-xlm-advisory/cve-2019-11032/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hr-technologies:easytorecruit:*:*:*:*:*:*:*:*

Версия до 2.11 (исключая)

EPSS

Процентиль: 42%

0.00202

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-9vhj-9r44-22j8