2 matches found
CVE-2022-27110
OrangeHRM 4.10 is vulnerable to a Host header injection redirect via viewPersonalDetails endpoint...
CVE-2022-27110
OrangeHRM 4.10 is reported vulnerable to a Host header injection redirect via the viewPersonalDetails endpoint. The issue stems from input handling that allows HTTP Host header manipulation to redirect users to an unintended URL, potentially exposing or guiding users to a personal-details interfa...