Multiple Cross-Site Scripting Vulnerabilities in OrangeHRM by OrangeHRM Inc.
CVE-2012-1507

Currently unrated

Key Information:

Vendor: Orangehrm

CVE Published: 17 September 2014

What is CVE-2012-1507?

Multiple cross-site scripting (XSS) vulnerabilities exist in OrangeHRM prior to version 2.7, allowing remote attackers to inject arbitrary web script or HTML. The vulnerabilities can be exploited through the 'newHspStatus' parameter in plugins/ajaxCalls/haltResumeHsp.php, the 'sortOrder1' parameter in templates/hrfunct/emppop.php, or the 'uri' parameter in index.php. This may lead to unauthorized actions or data manipulation by attackers, severely affecting the security posture of the affected systems.

EPSS Score

10% chance of being exploited in the next 30 days.
