PT-2014-4023 · Rexx · Rexx Recruitment

Published: 2014-10-06
Updated: 2018-10-09
CVE-2014-1224
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: rexx Recruitment versions R6.1 through R7 without the fixes from 2014-01-15
Description: The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via the oninput event handler in the fname parameter to the default URI in "/reg".
Recommendations: For versions R6.1 through R7 without the fixes from 2014-01-15, apply the fixes from 2014-01-15 to resolve the issue. As a temporary workaround, consider restricting access to the user registration feature or disabling the oninput event handler in the fname parameter to minimize the risk of exploitation.
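An added illustration, not code from rexx or from this advisory, of the defect class the description names: the hypothetical render functions below reflect the fname value into the registration form, once unencoded and once with attribute-context HTML encoding, and a small parser check shows which rendering ends up with an extra event-handler attribute.

```python
import html
from html.parser import HTMLParser

# Constructed sample value for the fname parameter: it closes the value
# attribute and appends an oninput attribute, the pattern the advisory names.
SAMPLE_FNAME = 'Alice" oninput="tampered'


def render_reg_field_unsafe(fname: str) -> str:
    """Hypothetical vulnerable pattern: reflect fname with no encoding."""
    return f'<input type="text" name="fname" value="{fname}">'


def render_reg_field_safe(fname: str) -> str:
    """Hypothetical hardened pattern: HTML-encode fname for an attribute
    context, so a double quote in the input can never end the attribute."""
    return f'<input type="text" name="fname" value="{html.escape(fname, quote=True)}">'


class _InputAttrs(HTMLParser):
    """Collects the attributes of the first <input> tag seen."""

    def __init__(self) -> None:
        super().__init__()
        self.attrs: dict = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input" and not self.attrs:
            self.attrs = dict(attrs)


def parse_input_attrs(markup: str) -> dict:
    """Parse the rendered tag the way a browser would and return its attributes."""
    parser = _InputAttrs()
    parser.feed(markup)
    return parser.attrs


def has_event_handler(markup: str) -> bool:
    """Detection check: did the reflected value create an on* attribute?"""
    return any(name.lower().startswith("on") for name in parse_input_attrs(markup))


if __name__ == "__main__":
    for render in (render_reg_field_unsafe, render_reg_field_safe):
        out = render(SAMPLE_FNAME)
        print(render.__name__, "-> event handler injected:", has_event_handler(out))
```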

Exploit

Fix

XSS


Weakness Enumeration

Related identifiers

CVE-2014-1224

Affected products

Rexx Recruitment