BugTraq
OrangeHRM 2.7.1 Vacancy Name Persistent XSS Jan 10 2013 12:00PM
SBV Research (research silverbackventuresllc com)
OrangeHRM[1] 2.7.1[2] -- the latest stable release as of this writing --
suffers from a persistent XSS in the vacancy name variable. Steps:


1. Navigate to the following URL:
http://[domain]/symfony/web/index.php/recruitment/viewJobVacancy

2. Add or Edit a Vacancy
3. In the Vacancy Name parameter put an XSS script
4. Save
5. Navigate back to top Vacancy page (click back button)
6. Witness XSS

Screenshots of the above exploit steps may be found on my website (for
those who want additional validation):
http://securitymaverick.com/?p=408

I contacted OrangeHRM[3] but did not receive a reply.


Thanks,
Ken

PS - Currently on Twitter:
https://twitter.com/infosecmaverick

----------------
[1] http://sourceforge.net/projects/orangehrm/
[2] http://sourceforge.net/projects/orangehrm/files/stable/2.7.1/
[3] http://www.orangehrm.com/
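
An added example, not part of the original post and not OrangeHRM code: a stored value such as the vacancy name is rendered into a list view, first concatenated raw and then encoded for the HTML context at output time. The function names and the sample rows are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; none of these names come from the OrangeHRM code base.

// Constructed rows standing in for vacancy records read back from storage.
$vacancies = [
    ['id' => 1, 'name' => 'QA Engineer'],
    ['id' => 2, 'name' => '<script>alert(1)</script>'], // constructed test value
];

// Unsafe pattern: the stored name is concatenated into the page as-is,
// so any markup saved in the field becomes part of the document.
function renderRowUnsafe(array $vacancy): string
{
    return '<tr><td>' . $vacancy['name'] . '</td></tr>';
}

// Encode for the HTML context at output time. ENT_QUOTES also covers
// attribute contexts; ENT_SUBSTITUTE replaces invalid UTF-8 sequences
// instead of returning an empty string.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: same row, with the stored value encoded before output.
function renderRowSafe(array $vacancy): string
{
    return '<tr><td>' . escapeHtml($vacancy['name']) . '</td></tr>';
}

// Regression check: does a rendered row still carry a live <script> tag?
function hasScriptTag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

foreach ($vacancies as $vacancy) {
    printf(
        "id=%d unsafe_has_script=%s safe_has_script=%s\n",
        $vacancy['id'],
        var_export(hasScriptTag(renderRowUnsafe($vacancy)), true),
        var_export(hasScriptTag(renderRowSafe($vacancy)), true)
    );
    echo renderRowSafe($vacancy), "\n";
}
```

The same check can be kept as a regression test for every view that prints the stored field, since persisted values reach every page that lists them.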
