2 matches found
Cross site scripting
Incomplete blacklist vulnerability in the user registration feature in rexx Recruitment R6.1 and R7 without "fixes from 2014-01-15" allows remote attackers to conduct cross-site scripting XSS attacks via the oninput event handler in the fname parameter to the default URI in /reg...
CVE-2014-1224
CVE-2014-1224 affects rexx Recruitment (R6.1 and R7) with an incomplete blacklist that does not remove the oninput event handler from user input in /reg, enabling remote XSS via the fname field. The root cause is failure to neutralize unknown HTML/JS event handlers in user-supplied data; a proof-...