Mariusz Sepczuk

**Name of the Vulnerable Software and Affected Versions** ConnX ESP HR Management versions prior to 6.6 **Description** The issue is related to an Improper Neutralization of Input During Web Page Generation vulnerability in the "Update of Personal Details" form, allowing a Stored XSS attack. An attacker might inject a script to be run in a user's browser. Despite multiple attempts to contact the vendor, no response was received. **Recommendations** For versions prior to 6.6, consider disabling the "Update of Personal Details" form until a patch is available to prevent potential Stored XSS attacks. Restrict access to this form to minimize the risk of exploitation. Avoid using this form until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.