OrangeHRM 2.6.11 - 'lib/controllers/CentralController.php' URI Cross-Site Scripting
source: https://www.securityfocus.com/bid/50857/info OrangeHRM is prone to an SQL-injection and multiple cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify...