OrangeHRM 2.7 RC - 'index.php?URI' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53433/info OrangeHRM is prone to an SQL-injection and multiple cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify...