Cross-Site Scripting Flaw in OrangeHRM Software
CVE-2014-100021

Currently unrated

Key Information:

Vendor: Orangehrm
Status: Orangehrm
Vendor: CVE Published:; 13 January 2015

What is CVE-2014-100021?

A cross-site scripting vulnerability exists in OrangeHRM's web interface that enables attackers to inject arbitrary web scripts or HTML through the empsearch[employee_name][empId] parameter. This flaw can potentially expose sensitive information or lead to unauthorized access, making it a significant security risk for users running versions prior to 3.1.2.

References

http://secunia.com/advisories/57206

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/65904

vdb-entryx_refsource_BID

http://sourceforge.net/projects/orangehrm/files/stable/3....

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jan 13, 2015

CVE-2014-100021 Data

JSON

Orangehrm

What is CVE-2014-100021?

References

Timeline