cnvd, China National Vulnerability Database, CNVD-2022-68518
History: May 24, 2022 - 12:00 a.m.

OrangeHRM Cross-Site Scripting Vulnerability (CNVD-2022-68518)

2022-05-24 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
orangehrm
cross-site scripting
vulnerability
data validation
post request
security

EPSS: 0.001 (percentile: 24.8%)

OrangeHRM is a human resource management (HRM) system from OrangeHRM USA. The system supports personnel information management, leave management, time and attendance management, recruitment management, etc. A cross-site scripting vulnerability exists in OrangeHRM v4.10.1. It stems from a lack of validation and filtering of user-supplied data and output in the addNewPost component. An attacker could use this vulnerability to execute arbitrary web script or HTML via a specially crafted POST request.
