EUVD-2020-21435

Malware in sbrugna...

CVE-2020-29053

HRSALE 2.0.0 allows XSS via the admin/project/projectscalendar setdate parameter...

Design/Logic Flaw

HRSALE 2.0.0 allows XSS via the admin/project/projectscalendar setdate parameter...

CVE-2020-29053

CVE-2020-29053 affects HRSALE 2.0.0 and is a cross-site scripting vulnerability exploitable via the admin/project/projects_calendar set_date parameter. The underlying issue is a reflected XSS vector in that parameter, enabling injection of malicious scripts. Public references in connected sources...