Rishu Ranjan

**Name of the Vulnerable Software and Affected Versions** Adrenalin 5.4 HRMS Software (affected versions not specified) **Description** A Reflected Cross Site Scripting (XSS) issue was discovered. The user-supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the "LeaveEmployeeSearch.aspx" API endpoint, specifically through the `prntFrmName` or `prntDDLCntrlName` parameters. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adrenalin HRMS version 5.4.0 **Description** A Reflected Cross Site Scripting issue exists, allowing an attacker to input malicious JavaScript code in the "/RPT/SSRSDynamicEditReports.aspx" API endpoint via the `ReportId` parameter. **Recommendations** For Adrenalin HRMS version 5.4.0, consider restricting access to the "/RPT/SSRSDynamicEditReports.aspx" endpoint until a fix is available, and avoid using the `ReportId` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Adrenalin 5.4 HRMS Software (affected versions not specified) **Description** A Reflected Cross Site Scripting (XSS) issue was discovered. The user-supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the "ShiftEmployeeSearch.aspx" API endpoint, specifically through the `prntFrmName` or `prntDDLCntrlName` parameters. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adrenalin HRMS version 5.4.0 **Description** The issue is related to a Reflected Cross Site Scripting (XSS) vulnerability. It affects the ApplicationEmployeeSearch page, specifically via the `prntDDLCntrlName` and `prntFrmName` variables. **Recommendations** For Adrenalin HRMS version 5.4.0, consider restricting access to the ApplicationEmployeeSearch page until a fix is available. As a temporary workaround, avoid using the `prntDDLCntrlName` and `prntFrmName` variables in the affected page to minimize the risk of exploitation.