2 matches found
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the upload of .prologue.html file when a crafted URL is accessed. An attacker can execute arbitrary JavaScript in the context of another user's session by uploading a malicious .prologue.html file and tricki...
Advanced HRM Remote Code Execution Vulnerability
Advanced HRM is a human resource management system. A security vulnerability exists in Advanced HRM version 1.6. A remote attacker can exploit the vulnerability by sending a .php file with PHP code to the user/update-user-avatar URI to execute code...