Apor

Name of the Vulnerable Software and Affected Versions: HRmaster module version 235 Description: An HTML injection flaw exists in the registration interface of the HRmaster module. An attacker can inject HTML tags into the `keresztnév` (firstname) field. This injected HTML is included in emails, potentially enabling phishing attacks against previously unregistered email addresses. Recommendations: Sanitize user input in the `keresztnév` (firstname) field during the registration process to prevent HTML injection.