Reflective Cross Site Scripting in HRIS software (HRMS product)
A vulnerability in the HRIS software (HRMS product) leads to a reflective cross site scripting.
Details about vulnerability
There is an improper neutralization of input during web page generation in the F_NavForm parameter.
Versions belows 4.17 are vulnerable. This vulnerability is fixed in version 4.17.
We are not aware of any fixes. The vendor was contacted the 9th January 2015 for more information.
CIRCL would like to thank the reporter.
Classification of this document
TLP:WHITE information may be distributed without restriction, subject to copyright controls.
- Version 1.0 - TLP:WHITE - First version (20150629)