3 matches found
CVE-2014-1224
CVE-2014-1224 affects rexx Recruitment (R6.1 and R7) with an incomplete blacklist that does not remove the oninput event handler from user input in /reg, enabling remote XSS via the fname field. The root cause is failure to neutralize unknown HTML/JS event handlers in user-supplied data; a proof-...
[RT-SA-2014-002] rexx Recruitment: Cross-Site Scripting in User Registration
Advisory: rexx Recruitment Cross-Site Scripting in User Registration RedTeam Pentesting discovered a cross-site scripting XSS vulnerability in rexx Recruitment's user registration page during a penetration test. If attackers can persuade users to click on a prepared link or redirected them to suc...
rexx Recruitment Cross Site Scripting
Advisory: rexx Recruitment Cross-Site Scripting in User Registration RedTeam Pentesting discovered a cross-site scripting XSS vulnerability in rexx Recruitment's user registration page during a penetration test. If attackers can persuade users to click on a prepared link or redirected them to suc...