User_X73X76X6E

Name of the Vulnerable Software and Affected Versions: Persis Human Resource Management Portal versions 17.2.00 through 17.2.35 Persis Human Resource Management Portal versions 19.0.00 through 19.0.20 Description: The job posting recommendation form in the Persis Human Resource Management Portal allows XSS via the `SENDER` parameter when the "Recommend job posting" function is enabled. Recommendations: For versions 17.2.00 through 17.2.35, consider disabling the "Recommend job posting" function until a patch is available. For versions 19.0.00 through 19.0.20, consider disabling the "Recommend job posting" function until a patch is available. As a temporary workaround, avoid using the `SENDER` parameter in the affected form until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Microsoft SharePoint Server versions prior to the fixed version Microsoft SharePoint Enterprise Server versions prior to the fixed version **Description** The issue is related to insufficient sanitization of web requests, allowing an attacker to conduct cross-site scripting attacks by sending a specially crafted web request to the vulnerable server. This could enable the attacker to read unauthorized content, use the victim's identity to take actions on the SharePoint site, and inject malicious content into the user's browser. **Recommendations** For Microsoft SharePoint Server versions prior to the fixed version, update to the latest version to resolve the issue. For Microsoft SharePoint Enterprise Server versions prior to the fixed version, update to the latest version to resolve the issue. As a temporary workaround, consider restricting access to vulnerable API endpoints until a patch is available. Avoid using vulnerable parameters in affected API endpoints until the issue is resolved.