OrangeHRM is a human resource management (HRM) system from OrangeHRM USA. It supports personnel information management, leave management, time and attendance management, and recruitment management, among other functions. A cross-site scripting (XSS) vulnerability exists in OrangeHRM v4.10.1. It stems from a lack of validation and filtering of user-supplied data and output in the addNewPost component. An attacker could use this vulnerability to execute arbitrary web script or HTML via a specially crafted POST request.
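The root cause named above has an input side (validation) and an output side (encoding). The PHP sketch below is an added example, not OrangeHRM source code, and shows that input validation alone lets markup through while encoding at render time neutralises it. The function names and the sample post text are hypothetical and constructed for illustration, and the code assumes the mbstring extension is available.

```php
<?php
// Added illustration; not OrangeHRM source. All function names are hypothetical.

// Input side: bound what a post may contain before it is stored.
function validatePostText(string $text, int $maxLen = 1000): string
{
    if (!mb_check_encoding($text, 'UTF-8')) {
        throw new InvalidArgumentException('post text is not valid UTF-8');
    }
    // Remove control characters other than tab, LF and CR.
    $text = preg_replace('/[^\P{Cc}\t\n\r]/u', '', $text);
    if ($text === '' || mb_strlen($text, 'UTF-8') > $maxLen) {
        throw new InvalidArgumentException('post text is empty or too long');
    }
    return $text;
}

// Flawed pattern: stored text is concatenated into markup unchanged.
function renderPostUnsafe(string $text): string
{
    return '<div class="post">' . $text . '</div>';
}

// Output side: encode for the HTML body context every time the post is rendered.
function renderPostSafe(string $text): string
{
    $encoded = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<div class="post">' . $encoded . '</div>';
}

// Constructed sample input: markup submitted as the body of a post.
$submitted = "Team lunch <script>alert(1)</script> at 12:00";

// Validation accepts the text: it is well-formed UTF-8 and within the length limit.
$stored = validatePostText($submitted);

echo renderPostUnsafe($stored), PHP_EOL; // the script element reaches the page as markup
echo renderPostSafe($stored), PHP_EOL;   // angle brackets are encoded, so the text is inert
```

Encoding belongs at the point of output because the correct escaping depends on where the value lands (HTML body, attribute, JavaScript, URL), which the storage layer cannot know.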