Reflected XSS Vulnerability in HRSALE 2.0.0 by HRSALE
CVE-2020-29053

6.1MEDIUM

Key Information:

Vendor

Hrsale

Status
Hrsale
Vendor
CVE Published:
24 November 2020

What is CVE-2020-29053?

HRSALE version 2.0.0 is susceptible to a reflected cross-site scripting (XSS) attack through the 'set_date' parameter in the projects_calendar section of the admin panel. An attacker can exploit this vulnerability to inject malicious scripts that could be executed in the context of a user's browser, potentially leading to unauthorized access to sensitive information or session hijacking. Ensuring timely patching and input validation can mitigate the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://grimthereaperteam.medium.com/hrsale-v-2-0-0-refle...
x_refsource_MISC
https://hrsale.com/update_log.php
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.