3 matches found
CVE-2024-7269
Improper Neutralization of Input During Web Page Generation vulnerability in "Update of Personal Details" form in ConnX ESP HR Management allows Stored XSS attack. An attacker might inject a script to be run in user's browser. After multiple attempts to contact the vendor we did not receive any...
PT-2024-38221 · Unknown · Connx Esp Hr Management
Name of the Vulnerable Software and Affected Versions: ConnX ESP HR Management versions prior to 6.6 Description: The issue is related to an Improper Neutralization of Input During Web Page Generation vulnerability in the "Update of Personal Details" form, allowing a Stored XSS attack. An attacke...
ConnX ESP HR Management SQL Injection Vulnerability
ConnX ESP HR Management is a modular web-based HR management solution from ConnX Australia. A SQL injection vulnerability exists in ConnX ESP HR Management version 4.4.0. The vulnerability can be exploited by a remote attacker to execute arbitrary SQL commands by sending the...