2 matches found
CVE-2022-28985
A stored cross-site scripting XSS vulnerability in the addNewPost component of OrangeHRM v4.10.1 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...
CVE-2022-28985
CVE-2022-28985 is a stored XSS vulnerability in OrangeHRM v4.10.1, caused by lack of data validation/escaping in the addNewPost component that allows a crafted POST request to execute script/HTML in a user’s browser. Affected software is OrangeHRM (v4.10.1); the vulnerability is triggered via POS...