CVE-2012-1507

CVE-2012-1507 is a set of Cross-Site Scripting (XSS) vulnerabilities in OrangeHRM prior to 2.7, exploitable via user-supplied input in three vectors: newHspStatus (plugins/ajaxCalls/haltResumeHsp.php), sortOrder1 (templates/hrfunct/emppop.php), and uri (index.php). The issue stems from insufficie...

Multiple vulnerabilities in OrangeHRM

Advisory ID: HTB23080 Product: OrangeHRM Vendor: OrangeHRM Inc. Vulnerable Versions: 2.7 RC and probably prior Tested Version: 2.7 RC Vendor Notification: 7 March 2012 Vendor Patch: 24 April 2012 Public Disclosure: 9 May 2012 Vulnerability Type: SQL Injection, Cross-Site Scripting XSS CVE...