OrangeHRM 4.10 suffers from a Referer header injection redirect vulnerability.
Affected product (vendor, product, version): orangehrm, orangehrm, 4.10