BugTraq
OrangeHRM 2.7.1 Vacancy Name Persistent XSS
Jan 10 2013 12:00PM
SBV Research (research silverbackventuresllc com)
OrangeHRM[1] 2.7.1[2] -- the latest stable release as of this writing --
suffers from a persistent XSS in the vacancy name variable. Steps:


1. Navigate to the following URL:
http://[domain]/symfony/web/index.php/recruitment/viewJobVacancy

2. Add or Edit a Vacancy
3. In the Vacancy Name parameter pu...

Copyright 2010, SecurityFocus