CVE-2019-11559

A reflected Cross-site scripting (XSS) vulnerability in HRworks V 1.16.1 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to the Login component.
References
Link Resource
https://twitter.com/gpheheise/status/1173896069769519105?s=21 Exploit Third Party Advisory
http://seclists.org/fulldisclosure/2019/Sep/28 Mailing List Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:hrworks:hrworks:1.16.1:*:*:*:*:*:*:*

Information

Published : 2019-09-17 08:15

Updated : 2023-02-28 12:06


NVD link : CVE-2019-11559

Mitre link : CVE-2019-11559


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

hrworks

  • hrworks