7 matches found
EUVD-2013-1392
Malware in sbrugna...
CVE-2013-1353
Orange HRM 2.7.1 allows XSS via the vacancy name...
Cross site scripting
Orange HRM 2.7.1 allows XSS via the vacancy name...
CVE-2013-1353
Orange HRM 2.7.1 allows XSS via the vacancy name...
CVE-2013-1353
CVE-2013-1353 affects Orange HRM 2.7.1 and is documented as a cross-site scripting (XSS) vulnerability via the vacancy name. The linked NVD entry provides CVSS metrics: CVSSv2 base score 3.5 (LOW) and CVSSv3.1 base score 5.4 (MEDIUM). CVSSv3.1 vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:...
OrangeHRM 2.7.1 Vacancy Name Persistent XSS
OrangeHRM1 2.7.12 -- the latest stable release as of this writing -- suffers from a persistent XSS in the vacancy name variable. Steps: 1. Navigate to following URL: http://domain/symfony/web/index.php/recruitment/viewJobVacancy 2. Add or Edit a Vacancy 3. In the Vacancy Name parameter put XSS...
OrangeHRM 2.7.1 Cross Site Scripting
OrangeHRM1 2.7.12 -- the latest stable release as of this writing -- suffers from a persistent XSS in the vacancy name variable. Steps: 1. Navigate to following URL: http://domain/symfony/web/index.php/recruitment/viewJobVacancy 2. Add or Edit a Vacancy 3. In the Vacancy Name parameter put XSS...