Cross-Site Scripting Vulnerabilities in OrangeHRM by OrangeHRM, Inc.
CVE-2011-5258

Currently unrated

Key Information:

Vendor: Orangehrm

Status
Vendor
CVE Published: 12 February 2013

What is CVE-2011-5258?

Multiple cross-site scripting (XSS) vulnerabilities exist in OrangeHRM versions prior to 2.6.11.2, allowing remote attackers to inject arbitrary web script or HTML. The injection points are the 'uniqcode' and 'isAdmin' parameters to index.php and the PATH_INFO passed to lib/controllers/centralcontroller.php. Script injected this way executes in the victim's browser in the context of the OrangeHRM application, which can lead to unauthorized actions and data breaches.

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
