Description
openBaraza HCM 3.1.6 does not properly neutralize user-controllable input: an unauthenticated remote attacker can conduct a stored cross-site scripting (XSS) attack against an administrative user from hr/subscription.jsp and hr/application.jsp and hr/index.jsp (with view=).
References
- Exploit, Third Party Advisory
- Product
- Third Party Advisory
- Exploit, Third Party Advisory
- Product
- Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:openbaraza:openbaraza_human_capital_management:3.1.6:*:*:*:*:*:*:*
EPSS
Percentile: 90%
0.05364
Low
CVSS3: 6.1 Medium
CVSS2: 4.3 Medium
Weaknesses
CWE-79
Related vulnerabilities
github
more than 3 years ago
openBaraza HCM 3.1.6 does not properly neutralize user-controllable input: an unauthenticated remote attacker can conduct a stored cross-site scripting (XSS) attack against an administrative user from hr/subscription.jsp and hr/application.jsp and hr/index.jsp (with view=).