Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM prior to 2.6.11.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) uniqcode or (2) isAdmin parameter to index.php; or the (3) PATH_INFO to lib/controllers/centralcontroller.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
orangehrm orangehrm 2.6.7 |
||
orangehrm orangehrm 2.6.6 |
||
orangehrm orangehrm 2.6.0.1 |
||
orangehrm orangehrm |
||
orangehrm orangehrm 2.6.5 |
||
orangehrm orangehrm 2.6.4 |
||
orangehrm orangehrm 2.6.8.1 |
||
orangehrm orangehrm 2.6.8 |
||
orangehrm orangehrm 2.6.1 |
||
orangehrm orangehrm 2.6.0 |
||
orangehrm orangehrm 2.6.10 |
||
orangehrm orangehrm 2.6.9 |
||
orangehrm orangehrm 2.6.3 |
||
orangehrm orangehrm 2.6.2 |