OrangeHRM Multiple Cross Site Scripting and SQL Injection Vulnerabilities

Bugtraq ID: 50857
Class: Input Validation Error
CVE: CVE-2011-5258
CVE-2011-5259
Remote: Yes
Local: No
Published: Nov 30 2011 12:00AM
Updated: Feb 14 2013 12:21PM
Credit: High-Tech Bridge SA Security Research Lab
Vulnerable: OrangeHRM OrangeHRM 2.6.11
OrangeHRM OrangeHRM 2.6.3
OrangeHRM OrangeHRM 2.6.2
OrangeHRM OrangeHRM 2.6 1
OrangeHRM OrangeHRM 2.5 .4
OrangeHRM OrangeHRM 2.4.2
OrangeHRM OrangeHRM 2.4.1
OrangeHRM OrangeHRM 2.2.2
OrangeHRM OrangeHRM 2.2.1
OrangeHRM OrangeHRM 2.4
OrangeHRM OrangeHRM 2.2
OrangeHRM OrangeHRM 2.1 (alpha 5)
OrangeHRM OrangeHRM 2.1 (alpha 4)
OrangeHRM OrangeHRM 2.1
Not Vulnerable: OrangeHRM OrangeHRM 2.6.11.2


 

Privacy Statement
Copyright 2010, SecurityFocus