Описание
openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting (XSS) on multiple pages: hr/subscription.jsp and hr/application.jsp and and hr/index.jsp (with view= and data=).
Ссылки
- ExploitThird Party Advisory
- Product
- Third Party Advisory
- ExploitThird Party Advisory
- Product
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:openbaraza:openbaraza_human_capital_management:3.1.6:*:*:*:*:*:*:*
EPSS
Процентиль: 78%
0.01089
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting (XSS) on multiple pages: hr/subscription.jsp and hr/application.jsp and and hr/index.jsp (with view= and data=).
EPSS
Процентиль: 78%
0.01089
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79