Guozhao Liao

**Name of the Vulnerable Software and Affected Versions** pbrong hrms version 1.0.1 **Description** A cross-site scripting issue exists in pbrong hrms. The issue is located in the `UpdateRecruitmentById` function within the `/handler/recruitment.go` file. This manipulation can be exploited remotely. The exploit is publicly available. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/handler/recruitment.go` file or disabling the `UpdateRecruitmentById` function until a patch is available.