A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4.0 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the flexiportal/GeneralInfo.aspx strAction parameter.
References
| Link | Resource |
|---|---|
| http://packetstormsecurity.com/files/155231/Adrenalin-Core-HCM-5.4.0-Cross-Site-Scripting.html | |
| https://www.knowcybersec.com/2018/09/first-cve-2018-12234-reflected-XSS.html | Exploit Third Party Advisory |
| https://www.thecysec.in/2020/04/xxs-adrenalin-generalinfo-cve-id.html | URL Repurposed |
Configurations
History
14 Feb 2024, 01:17
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://www.thecysec.in/2020/04/xxs-adrenalin-generalinfo-cve-id.html - URL Repurposed |
Information
Published : 2018-09-06 23:29
Updated : 2024-02-28 16:48
NVD link : CVE-2018-12234
Mitre link : CVE-2018-12234
CVE.ORG link : CVE-2018-12234
JSON object : View
Products Affected
myadrenalin
- adrenalin
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')