A Reflected Cross Site Scripting (XSS) vulnerability exists in Adrenalin HRMS 5.4.0. An attacker can input malicious JavaScript code in /RPT/SSRSDynamicEditReports.aspx via 'ReportId' parameter.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/155244/Adrenalin-Core-HCM-5.4.0-Cross-Site-Scripting.html | |
https://www.knowcybersec.com/2019/02/CVE-2018-12653-reflected-XSS.html | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2019-03-25 19:29
Updated : 2024-02-28 17:08
NVD link : CVE-2018-12653
Mitre link : CVE-2018-12653
CVE.ORG link : CVE-2018-12653
JSON object : View
Products Affected
myadrenalin
- adrenalin
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')