A reflected Cross-site scripting (XSS) vulnerability in HRworks V 1.16.1 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to the Login component.
References
Link | Resource |
---|---|
https://twitter.com/gpheheise/status/1173896069769519105?s=21 | Exploit Third Party Advisory |
http://seclists.org/fulldisclosure/2019/Sep/28 | Mailing List Third Party Advisory |
Configurations
Information
Published : 2019-09-17 08:15
Updated : 2023-02-28 12:06
NVD link : CVE-2019-11559
Mitre link : CVE-2019-11559
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
hrworks
- hrworks